German Federal Data Protection Act (FDPA)

The German Federal Data Protection Act (FDPA) [Bundesdatenschutzgesetz (BDSG)] has been announced as Art. 1 of the Act to Adapt Data Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU) 2016/680 [Gesetz zur Anpassung des Datenschutzrechts an die Verordnung (EU) 2016/679 und zur Umsetzung der Richtlinie (EU) 2016/680 (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU – DSAnpUG-EU)]).

Quick start

Part 1 - Common provisions
Chapter 1 - 1 2
Chapter 2 - 3 4
Chapter 3 - 5 6 7
Chapter 4 - 8 9 10 11 12 13 14 15 16
Chapter 5 - 17 18 19
Chapter 6 - 20 21
Part 2 - Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679
Chapter 1 - 22 23 24 25 26 27 28 29 30 31
Chapter 2 - 32 33 34 35 36 37
Chapter 3 - 38 39
Chapter 4 - 40
Chapter 5 - 41 42 43
Chapter 6 - 44
Part 3 - Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680
Chapter 1 - 45 46 47
Chapter 2 - 48 49 50 51 52 53 54
Chapter 3 - 55 56 57 58 59 60 61
Chapter 4 - 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77
Chapter 5 - 78 79 80 81
Chapter 6 - 82
Chapter 7 - 83 84
Part 4 - Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680
85

Full text of the FDPA

The Bundestag has adopted the following Act with the approval of the Bundesrat: Article 1 Federal Data Protection Act (FDPA)

Part 1 – Common provisions

Chapter 1 – Scope and definitions

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Data protection officers of public bodies

Chapter 4 – Federal Commissioner for Data Protection and Freedom of Information

Chapter 5 – Representation on the European Data Protection Board, single contact point, cooperation among the federal supervisory authorities and those of the Länder concerning European Union matters

Chapter 6 – Legal remedies

Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679

Chapter 1 – Legal basis for processing personal data

Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 5 – Transfers of data to third countries and to international organizations

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties

Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680

Articles 2 to 7 of the DSAnpUG-EU define adjustments that have become necessary in other German laws as well as changes that have already been made to the old FDPA. These changes are not listed here.

The full text of the DSAnpUG-EU corresponds to the publication in the Bundesgesetzblatt (Federal Law Gazette), Part I No. 44 issued in Bonn on 5 July 2017, p. 2097ff. The translation was provided by the Federal Ministry of the Interior. No liability is assumed for any errors. The original German publication remains the authoritative version.