New German data protection law
Employee data protection
The adjusted BDSG explicitly regulates the possibilities of processing employees' data for the exercise or fulfilment of Works Council Agreements or based on the consent of the respective employee. These rules provide employers with the basis for a specific regulation of data protection within the company, howev-er, the current German regulation on employee data protection will not be changed fundamentally.
Data protection official for private sector
Public and private bodies which process personal data shall automatically appoint in writing a data pro-tection official. This applies to companies with ten or more employees or if the company is subject to the data protection impact assessment according to article 35 GDPR or if related personal data are processed or used commercially for the purpose of transmission or anonymized transmission or for the purpose of market or opinion research. In particular, the 10 employees limit, which is in line with prior German legal requirements, is a significantly lower threshold than under the GDPR.
Further, the BDSG maintains the protection against dismissal in favour of the data protection official. The position of the data protection official is even stronger than the GDPR requires.
Information requirements
The GDPR contains extensive obligations to inform the data subject if the processing of data serves a different purpose than the collection. The German rule restricts the obligation if the effort to inform would be disproportionate or if the person concerned has little interest in the information. This restriction should also apply if information about the data processing would affect the establishment, exercise or defence of legal claims and the collector's interest in the refusal outweigh the data subject's interest.
Special categories of personal data
The BDSG also provides for more specific rules and exemptions e.g. for the health sector on the pro-cessing of special categories of personal.
Outlook
The interaction of two legal bases (GDPR and national law) makes the application of law challenging. In the light of a uniform standard, divergent national rules contradict the regulation's purpose and can cause problems. The upcoming problems are illustrated by the fact, that the new BDSG has more than twice the size of the old BDSG. However, companies have to adjust their data processing conduct in advance. We accompany you in this process with our legal expertise.
Save article as PDF