Germany is preparing for the new European Union General Data Protection Regulations by passing an entirely new Bundesdatenschutzgesetz – BDSG (Federal Data Protection Act). The new BDSG will replace the previous version which has been in place for over 40 years. It will adapt the current German laws to ensure that it meets the provisions of the European Union’s new General Data Protection Regulations.
Like the new GDPR, Germany’s new Federal Data Protection Act is more wide ranging than people may first think and will not just affect German companies and organisations but will affect any business or organisation operating in Germany. It is crucial that any entities that operate in Germany analyse the new German Federal Data Protection Act to ensure that their German operations are in compliance with them. The new provisions that organisations should be aware of include:
- Misconduct Carries A High Risk – Violating the EU GDPR regulations carries the risk of fines up to 20 million Euros or 4% of revenue, whichever is higher. Violations which solely concern the new German Federal Data Protection Act will be subject to a fine up to 50,000 Euros.
- Personal Suffering Compensation – Data subjects may claim damages for non-pecuniary damage under the new Federal Data Protection Act in Germany.
- Processing Stations – Under the new FDPA in Germany there are special irc provisions for situations such as data protection at work, profiling and video surveillance.
- Burden Of Proof – The burden of proof will be on companies to prove that they are complying with the new data protection regulations in Germany. As well, they must also implement the extensive document obligations that are required by the European General Data Protection Regulations.
- Transparency – Companies must observe very strict requirements with regards to the transparency of their data that they process.
- Works Councils – Under the new Federal Data Protection Act in German, work councils too must also comply with it fully as well as with the European Union’s General Data Protection Regulations.
- Work Council Agreements – Legitimate data processing under work council agreements is still allowed but they must fulfill the requirements of the German Federal Data Protection Act and the European Union Data Protection Act.
Undoubtedly, the new German data protection regulations are complex and difficult to understand. However, it is crucial that organisations and companies that have operations in Germany comply with them as they may be subject to fines if not. The fact is, with these new Federal Data Protection Regulations being written with the new European GDPR in mind so much of the work that may need to be done will ensure compliance not just with the German data protection regulations but with the forthcoming European General Data Protection Regulations too that come into force on May 25, 2018.