Privacy Laws

German data protection compared to the GDPR

The German flag with the Reichstag building in the background — © Dirk / stock.adobe.com | #466750762

General overview

Germany has extensively utilized the opening clauses of the GDPR to establish separate data protection provisions for Germany. There are both additions and deviations from the GDPR concerning key data protection topics that companies must be aware of. If certain topics are not linked, there are no differing provisions in national data protection law.

GDPR opening clauses

Germany has made use of the opening clauses, particularly concerning the processing of data in the public sector, data processing for scientific purposes, and data processing in healthcare.

Key differences and national specifics

Specific data protection laws and official guidelines

Germany has specific data protection laws and official guidelines. These provide detailed information and guidance for compliance with data protection regulations in Germany.

Legal basis and sensitive data

Germany has specific regulations regarding the legal basis for data processing and the processing of sensitive data. These regulations are important to ensure that companies adhere to data protection requirements correctly.

E-Marketing and cookies

Germany has regulations concerning e-marketing and the use of cookies. However, it should be noted that a new regulation through the ePrivacy Regulation is still pending.

Data subject rights

The rights of data subjects in Germany are extensively regulated. Companies should ensure that they respect these rights and adequately inform data subjects.

Data Protection Impact Assessment (DPIA) and Data Protection Officer

Companies in Germany should ensure that they conduct DPIAs in accordance with German regulations. Additionally, there are regulations regarding the appointment of a Data Protection Officer.

Conclusion

Germany has adopted many of the GDPR guidelines but has also introduced some national peculiarities. Companies operating in Germany or conducting business with German citizens should ensure that they fully understand and comply with both the GDPR and German data protection law.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed