German Bundestag passes second act on the adaptation of data protection law to the GDPR LinkedIn

July 20 16:51 2019 Print This Article

Following the amendment of the Federal Data Protection Act (“BDSG”) in 2017, on 27 June 2019 the German Bundestag passed a second act to adapt the highly fragmented German data protection law to the requirements of the European General Data Protection Regulation (“GDPR”). The goal is to bring the sector-specific data protection rules in 154 federal laws in line with the requirements of the GDPR, which came into force on 25 May 2018. Also affected are a number of laws that are important for businesses, such as the Fiscal Code, the Banking Act, and the Securities Trading Act. The new provisions primarily focus on special legal bases for data processing, the rights of the data subjects, the obligations for processors, cross-border data transfers to countries outside the EU, and the requirements for technical and organizational measures.1

First amendments to the BDSG

One year into the data protection regime created by the GDPR, the law also brings important changes to the BDSG:

  • Firstly, it changes the mandatory threshold for controllers and processors to designate a data protection officer. The minimum is now 20 (up from ten previously) employees of a company who are permanently engaged in the processing of personal data.2 Further requirements to designate a data protection officer pursuant to Art. 37 of the GDPR remain unaffected.
  • Secondly, the German Bundestag has simplified the requirements for obtaining consent in the context of employment. As employees can give their consent electronically in accordance with the requirements of the GDPR, the BDSG will be amended correspondingly. It will be sufficient in future for the employer to save the consent as an e-mail.3 This change takes place within the framework of the coalition agreement one of the aims of which is to examine all laws for their digital suitability.4

No changes to the Telecommunications Act

Despite this large-scale initiative, no changes to the data protection provisions set out in the Telecommunications Act (“TKG”) have been made at this point. Although several members of parliament requested some modifications, they were ultimately rejected.5 The future aim is to implement the requirements of the ePrivacy Directive into the TKG while removing the parts of the TKG that overlap or conflict with the GDPR.6

This article was originally posted here: https://www.jdsupra.com/legalnews/german-bundestag-passes-second-act-on-41103/

  Article "tagged" as:
  Categories:
view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment