Second Adaptation Act For The Implementation Of The GDPR

Author:Mr Hendrik Skistims
Profession:SKW Schwarz
 
FREE EXCERPT

An overview of the most important changes to the German Federal Data Protection Act

The General Data Protection Regulation ("GDPR") aims to harmonise European data protection law and to create a uniform European level of data protection. Nevertheless, the GDPR contains a large number of so-called opening clauses which grant the member states a certain scope for implementation in individual areas of regulation. After the adaption of the Federal Data Protection Act ("BDSG") by the German legislator according to the European requirements and opening clauses, further amendments entered into force on 26 November 2019 with the 2nd Data Protection Adaptation and Implementation Act EU ("2nd DSAnpUG-EU").

The General Data Protection Regulation ("GDPR") aims to harmonise European data protection law and to create a uniform European level of data protection. Nevertheless, the GDPR contains a large number of so-called opening clauses which grant the member states a certain scope for implementation in individual areas of regulation. After the adaption of the Federal Data Protection Act ("BDSG") by the German legislator according to the European requirements and opening clauses, further amendments entered into force on 26 November 2019 with the 2nd Data Protection Adaptation and Implementation Act EU ("2nd DSAnpUG-EU").

In addition to amendments to the GDPR, the 2nd DSAnpUG-EU contains amendments to more than 150 laws, most for editorial purposes. In this context, definitions, references, legal bases, rights of data subjects and specifications on technical and organisational measures are adapted or newly regulated. On the other hand, the amendments to the GDPR are far more relevant to daily data protection practice, especially in medium-sized companies. The new regulations include in particular

the competence of the Federal Data Protection Commissioner for data protection and freedom of information ("BfDI") in § 9 BDSG and corresponding powers in § 16 BDSG, the processing of special categories of personal data according to § 22 BDSG, the abolishment of written form requirement for consents in employment relationships as stated in § 26 BDSG the limit for the compulsory appointment of an operational data protection officer according to § 38 BDSG as well as the processing for purposes of awarding state awards and honours in § 86 BDSG. In detail:

The amendment of § 9 BDSG relates to the BfDI's competence, which now extends beyond the scope of the...

To continue reading

REQUEST YOUR TRIAL