What do data protection laws protect

Federal Data Protection Act (BDSG) - Legal basis for data protection

The most important information about the Federal Data Protection Act in brief

  • The Federal Data Protection Act (BDSG) regulates data protection in Germany and provides public and non-public bodies Instructions for the collection and processing of personal data.
  • The BDSG transfers EU data protection law into national law and requires an amendment with the entry into force of the new EU General Data Protection Regulation. The legislative process is still ongoing.
  • In addition to the BDSG, numerous other laws and ordinances regulate data protection in Germany - both at federal and state level. Each state has one own data protection law.

Important! This text refers to the no longer valid version of the Federal Data Protection Act (BDSG), which was replaced with effect from May 25, 2018 by the General Data Protection Regulation (GDPR) and the BDSG-new. You can find information on the current data protection regulations here:

More on the topic: Specific guides on the Federal Data Protection Act

Data secrecy (Section 5 BDSG) Data protection audit (Section 9a BDSG) Prior check (Section 4d (5) BDSG)

What is the Federal Data Protection Act (BDSG)?

The Basic Law determined in the Articles 1 and 2 the special importance of the personal rights of every human being. One of these fundamental rights is that of informational self-determination. In a landmark ruling from 1983 (the so-called census ruling), the Federal Constitutional Court decided that everyone can decide for themselves how their personal data are released and used. Data protection is supposed to maintain this fundamental right.

The right to informational self-determination granted by the Basic Law can only partially - as slightly as possible - restricted due to a law become. However, this is only possible if the collection and use of the data serves the general interest, is proportional and the processes are transparent for all citizens.

This is the legal basis that regulates possible restrictions on informational self-determination as well as the handling of sensitive data sets and lists data protection guidelines Federal Data Protection Act (BDSG).

Which data are subject to the Federal Data Protection Act?

Basically, an important distinction must first be made between the two, which are often incorrectly synonymously related Terms "data protection" and "data security". Not all data are created equal. This is reflected in the differentiation.

The privacy concerns all; applies to all personal data. This includes information on an identifiable or already identified natural person (e.g. personal details, religious and political orientation, sexuality, etc.). They are worth protecting because of the basic right to informational self-determination and the right to privacy. The BDSG is supposed to guarantee data protection on the public side.

The Data security however, is broader. It relates to backing up Data of any kind. Data protection can thus be seen as an important part of data security.

What does the data protection law in Germany regulate?

The current Federal Data Protection Act sets the regulations of the European Data Protection Directive 95/46 / EC into national law. The core of the BDSG is the regulation of the handling of personal data during data processing and data collection in order to avoid the impairment of the personal rights of those affected (Section 1 (1) BDSG).

It's authoritative binding for public bodies of the federal and state governments as well private companiesthat collect personal data (Section 1 (2) BDSG).

The content of the Federal Data Protection Act currently includes as a whole 72 paragraphsthat in the following six sections are divided into:

  1. General and common provisions
  2. Data processing by public authorities
  3. Data processing by non-public bodies and competing companies under public law
  4. Special regulations
  5. Final provisions
  6. Transitional provisions

Federal Data Protection Act: Summary of the most important content

In the following, the most important cornerstones to the data protection practiced in Germany according to the BDSG are summarized:

  1. Every citizen has the right to determine who he or she discloses personal data to and how or when it can be used. In principle, data collection and data processing requires the Consent of the person concernedif the survey is not permitted or even ordered by other legal provisions (Section 4 BDSG).
  2. In addition, the Federal Data Protection also defines the Rights of the persons affected: If data is collected and / or processed that is permitted under the BDSG, every person concerned has the right to view and check the data stored about him (in particular §§ 19, 34 BDSG). In addition to the stored data, he also receives information about the recipients of the data and the purpose of storage.
  3. Particularly sensitive personal data are subject to far stricter regulation and may only be stored or processed in the rarest of cases. This includes information about a person's trade union membership, their religious, philosophical or political orientation, their racial and ethnic origin, data about their physical and mental health, crimes or administrative offenses they have committed and information on sexuality (Section 3 (9) BDSG).
  4. Public and private bodies must Delete, block or correct saved dataif these are incorrect, are no longer required or their storage was not permitted from the outset (in particular §§ 20, 35 BDSG). This obligation also applies in particular to any personal data that may be collected and which are particularly worthy of protection, which as a rule may not be stored if no law or legal regulation allows or orders this.
  5. It's just supposed to as little personal data is collected as possible and necessary according to the respective purpose (§ 3a BDSG). If the respective purpose allows it, the data should also be anonymized and pseudonymized.
  6. Public and private bodies are allowed to save, change and use dataif these are necessary for the collection, the correctness of the information is doubted, dangers to public safety are to be averted, they are necessary for the execution of sentences or serve research purposes.
  7. In the event of a violation of the data protection granted according to BDSG Fines up to 50,000 euros (Section 43 (1) BDSG) or up to 300,000 euros (Section 43 (2) BDSG).
  8. In the case of willful violations of Section 43 (2) BDSG, there is also a risk of a Imprisonment for up to two years or a fine (Section 44 BDSG). However, this is a Application offense, which must be reported to the Federal Commissioner for Data Protection and Freedom of Information.

New BDSG version adopted in April 2017

At the April 27, 2017 the Bundestag has passed a new German data protection law. While the old version of the BDSG transferred the points decided in the European data protection directive into national law, this innovation is now necessary because:

On May 24, 2016, the new EU General Data Protection Regulation (GDPR) in force. The EU member states are required to apply the regulations made here or to adapt existing data protection concepts. They have time for it until May 25, 2018, because only then do the measures contained in the GDPR actually apply. They become binding law for all member states.

The new BDSG is intended to meet this requirement, but has not yet come into force. The legislative process is still ongoing. The Federal Council still has to approve the proposal.

Further legal bases for data protection

However, not only the BDSG is relevant. Besides this there is also other laws intended to guarantee data protection in Germany. The Federal Data Protection Act largely regulates data protection in the federal government, but also others nationwide regulations as well as country-specific data protection regulations and laws impose narrow limits on data processing and data collection.

The laws on data protection can be broken down as follows:

  1. Federal data protection laws:
    • Federal Data Protection Act
    • Laws and regulations on specific areas (e.g. ordinance on the data to be stored in accordance with the Federal Criminal Police Office Act, Federal Cancer Register Data Act)
  2. Data protection laws of the countries in Germany
    • each state's own data protection law, which regulates the work of the public authorities (each state has its own)
    • Area-specific state laws and regulations (either incorporated into the individual ordinances and state laws or separated, such as in the North Rhine-Westphalian Health Data Protection Act)
are public bodies affected, then this is the first thing that applies to data protection Law of the respective federal state Application. Each federal state has its own law on data protection, which is essentially always based on the BDSG and only transfers the regulations contained therein into state law.

It is hardly possible to provide a complete list of all data protection legislation in addition to the BDSG in Germany, as there are individual specific data protection laws (e.g. the North Rhine-Westphalian Health Data Protection Act) General data protection regulations also incorporated into existing regulations and laws were.

When it comes to the storage and use of personal data private, non-public bodies, this falls within the scope of the Federal Data Protection Act.

Conclusion: THE data protection act does not exist

In Germany there is not just one data protection regulation that must be used for all matters. Data protection is largely based on the BDSG. The Federal Data Protection Act, in turn, results from the implementation of the European Data Protection Directive and requires an amendment due to the new EU General Data Protection Regulation, which is binding for all member states.

For data protection in public transport by authorities, offices and co., However, the legal basis for data protection is the respective state laws to use. From Berlin to Saarland, each federal state has its own data protection law. This in turn transfers the regulations made in the BDSG into state law. With the completion of the revision of the Federal Data Protection Act, some changes will have to be made at the state level as well.

In addition, numerous already existing laws and ordinances were added new paragraphs insertedthat deal with data protection in the specific area concerned - along with new and specific lawsthat deal with data protection in individual areas.

So there isn't the one Law, but numerous legal bases for data protectionwhich is preceded by the BDSG - which in turn is preceded by EU data protection law.
(47 Ratings, average: 4,36 of 5)
Federal Data Protection Act (BDSG) - Legal basis for data protection
4.36547Loading ...

You might also be interested in: