Germany’s Bundesdatenschutzgesetz/Federal Data Protection Act (BDSG)
Operationalize BDSG compliance with the most comprehensive PrivacyOps platform
Last Updated on June 2, 2023
Privacy Center
Fully Functional In Minutes
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Email already in use
Looks like this email is already registered with an existing account.
Unexpected error occurred
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
Germany’s Bundesdatenschutzgesetz (BDSG) in German, or the Federal Data Protection Act in English, was enacted in May 2018 to implement the GDPR in Germany. The law applies to all data controllers and processors that process personal data in Germany or in the context of the activities of an establishment of the controller or processor in Germany. It applies to both private and public bodies of the Federation as well as public bodies of the Länder, especially where data protection is not governed by Land Law.
Since the BDSG implements and supplements the GDPR, there are no variations from the GDPR as far as the legal basis of the processing is concerned. Accordingly, the six legal bases that allow the collection and processing of personal data are the data subject’s consent, the performance of a contract, compliance with a legal obligation, protection of vital interests of the data subject, performance of a public task, and legitimate interests of the data controller.
Data subjects must be notified about the types of information collected and how and for how long it will be collected. Data subjects must also be informed if their sensitive personal data is collected.
Penalties for noncompliance are based on the GDPR, i.e. up to a €20 million fine or 4% of gross global annual turnover for the previous financial year, whichever is higher. Violations of certain requirements such as that of processing of personal data in relation to consumer loans may be punished by an administrative fine of up to €50,000.
The Solution
Securiti enables organizations to comply with Germany’s BDSG through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti automates data operations, increases data visibility, and provides data mapping capabilities to assist firms to comply with Germany's BDSG.
Learn how our comprehensive PrivacyOps platform can assist you in meeting the requirements of various sections of Germany’s BDSG.
.
With its state-of-the-art artificial intelligence and machine-learning-based tools, Securiti is a market leader in providing data governance and compliance solutions.
Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.
Automate consumer data access request handling
BDSG Sections 27, 28, 29, 34, 57 & GDPR Article 15
Companies must make the procedure of filing verified DSR requests as simple as feasible, and data subjects must be aware of their data privacy rights. The risk of compliance violations and the human effort required to comply with all requests will be greatly reduced by automating secure data access reports.
Secure fulfillment of data access requests
BDSG Section 29 & GDPR Article 15
Entities that want to comply must provide information to data subjects within a specific time frame after receiving a confirmed data request. This functionality will be provided at no cost and via a secure, centralized gateway.
Automate the processing of rectification requests
BDSG Sections 28, 29, 58 & GDPR Article 16
With the help of automation, you can effortlessly execute all data rectification requests and receive visibility into data subject verification workflows across all appearances of a subject's personal data.
Automate erasure requests
BDSG Sections 35, 74 & GDPR Article 17
Using an integrated automated and customizable option, quickly fulfill data subject requests for erasure, destruction, and/or anonymization.
Monitor and track consent
BDSG Sections 26, 51 & GDPR Articles 6, 7, 9
Track data subjects' revocation of consent to avoid data transmission or processing without their permission. Demonstrate consent compliance to authorities and data subjects in a seamless manner.
Assess Readiness
BDSG Sections 38, 47, 48, 64, 71 & GDPR Articles 5, 24, 25
You can analyze your organization's compliance with Germany’s BDSG, discover gaps, and mitigate risks using our multi-regulation, collaborative, preparedness, and privacy impact assessment solution. Seamlessly expand assessment capabilities throughout your vendor ecosystem to stay compliant with Germany’s BDSG.
Automate object and restriction of processing requests
BDSG Sections 29, 34, 37 & GDPR Articles 18, 19
Seamlessly fulfill data rectification requests with automated data subject verification and rectification workflows across all appearances of a subject’s personal data.
Map data flows and generate reports
GDPR Article 30
Track data flows within your organization, trace data, classify, transfer, and document business process flows both within internal departments and third parties.
Automate data breach response notifications
BDSG Sections 65, 66 & GDPR Articles 33, 34
Utilizes a knowledge database on security incident diagnosis and response to automate compliance activities and breach notifications to interested parties concerning security events.
Manage vendor risk
BDSG Sections 62 & GDPR Article 28
Keep track of your service providers' privacy and security readiness from a single interface. Work with vendors in real-time, automate data requests and deletions, and keep track of all vendor contracts and compliance documentation.
Meet cookie compliance
GDPR Articles 6, 7, 21
Scan your organization's web properties and automatically categorize tags and cookies. Create customizable cookie banners, obtain consent, and provide a preference center, among other things.
Privacy policy and notice management
BDSG Sections 29, 32, 33, 56 & GDPR Articles 12, 13
Use pre-built templates and customize them to fit your company's needs. Make your privacy notices available in various languages and automate adjustments to your privacy policy and notice.
Key Rights Under Germany’s BDSG
BDSG provides the same rights to data subjects as that provided under the GDPR. However, it provides for limitations of data subject’s rights under certain circumstances:
Right of Access
Data subjects have the right to access any data collected by the data handler. The right of access may be limited in several specific situations such as in the case of secrecy obligations and in the case of data processing for research and statistical purposes.
Right to be informed
All data subjects have the right to information to be provided when personal data is collected from them, directly or indirectly. The right to be informed may be limited.
Right to Object
Data subjects have the right to object to any further data collection. The right to object may be limited in the case of data processing for archiving purposes in the public interest.
Right to Request Erasure
All data subjects have the right to request deletion of their data. BDSG limits the exercise of the right to erasure in case of non-automated processing where the erasure would be impossible or involve a disproportionate effort.
Right to Rectification
Right to correct personal data. The right to rectification is limited if personal data is processed for archiving purposes in the public interest and in cases of data processing for scientific or historical research or for statistical purposes to the extent that it is likely to seriously impair the achievement of such research/purposes.
Right to Restriction of Processing
Right to temporarily stop the processing of personal data. This right does not apply if it is likely to seriously impair the achievement of the research or statistical purposes.
Right to Data Portability
Right to receive data in a structured, commonly-read, and machine readable format. The right is limited in the case of data processing for archiving purposes in the public interest.
Right to Object
Right to object to the processing under certain circumstances including the right to withdraw consent. This right does not apply if it is likely to seriously impair the achievement of the research or statistical purposes.
Right to Object to Automated Decision-Making
Data subjects have the right to request that the data handler stops automated decision-making and profiling based on the data collected by the data handler. This right does not apply if the decision is made in the context of providing services under an insurance contract under certain circumstances.
Facts Related to Germany’s BDSG
The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act enacted to implement the GDPR in Germany.
The BDSG supplements the GDPR while giving local German regulatory authorities the power to more effectively implement it on a national level.
The BDSG contains specific provisions for the processing of employees’ personal data. Where an employee's consent is obtained, it must be freely given and must be in writing or electronic form.
The BDSG requires organizations subject to a data breach to inform the regulatory body without any undue delay and not later than 72 hours after becoming aware of the incident.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
Newsletter
Resources
Get in touch
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128
