German data protection compared to the GDPR
Germany has extensively utilized the opening clauses of the GDPR to establish separate data protection provisions for Germany. There are both additions and deviations from the GDPR concerning key data protection topics that companies must be aware of. If certain topics are not linked, there are no differing provisions in national data protection law.
GDPR opening clauses
Germany has made use of the opening clauses, particularly concerning the processing of data in the public sector, data processing for scientific purposes, and data processing in healthcare.
Key differences and national specifics
Specific data protection laws and official guidelines
Germany has specific data protection laws and official guidelines. These provide detailed information and guidance for compliance with data protection regulations in Germany.
Legal basis and sensitive data
Germany has specific regulations regarding the legal basis for data processing and the processing of sensitive data. These regulations are important to ensure that companies adhere to data protection requirements correctly.
E-Marketing and cookies
Data subject rights
The rights of data subjects in Germany are extensively regulated. Companies should ensure that they respect these rights and adequately inform data subjects.
Data Protection Impact Assessment (DPIA) and Data Protection Officer
Companies in Germany should ensure that they conduct DPIAs in accordance with German regulations. Additionally, there are regulations regarding the appointment of a Data Protection Officer.
Germany has adopted many of the GDPR guidelines but has also introduced some national peculiarities. Companies operating in Germany or conducting business with German citizens should ensure that they fully understand and comply with both the GDPR and German data protection law.