Germany Strengthens Data Protection Act, Introduces Data Breach Notification Requirement
Mondaq Business Briefing › Germany Law Articles in English (2009)
Linked as:
Extract
Germany Strengthens Data Protection Act, Introduces Data Breach Notification Requirement
In July 2009, the German legislature passed various controversial amendments (the "Amendments") to the Bundesdatenschutzgesetz, Germany's Federal Data Protection Act ("BDSG" or the "Act").1 While these Amendments were not as extensive as many had initially hoped or feared, a few of the Amendments will undoubtedly have an immediate impact on companies doing business in Germany.
The Amendments cover a range of privacy and business issues, including marketing use of data lists, administration of employee data, and contractual provisions in data transfer agreements. They also increase the maximum fines for violating data protection laws and grant greater powers to data protection authorities ("DPAs"). The most significant change, however, is a new requirement to provide notification for data breaches2 that is similar in scope to state statutes in the United States.3 The BDSG The BDSG prohibits the collection,4 processing,5 and use6 of "personal data," unless the affected individual (the "Data Subject") expressly consents to, or German law specifically authorizes, the activity.7 Under the BDSG, "personal data" is broadly defined as any information concerning the personal or material circumstances of a natural person.8 One of the widely disputed activities permitted by the BDSG is the "list pr...See the full content of this document
Sponsored links
