IDC Names Securiti a Worldwide Leader in Data Privacy


Germany’s Bundesdatenschutzgesetz (BDSG) Data Protection Act

Operationalize BDSG compliance with the most comprehensive PrivacyOps platform

Last Updated on November 14, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


Germany’s Bundesdatenschutzgesetz (BDSG) in German, or the Federal Data Protection Act in English, was enacted in May 2018 to implement the GDPR in Germany. The law applies to all data controllers and processors that process personal data in Germany or in the context of the activities of an establishment of the controller or processor in Germany. It applies to both private and public bodies of the Federation as well as public bodies of the Länder, especially where data protection is not governed by Land Law.

Since the BDSG implements and supplements the GDPR, there are no variations from the GDPR as far as the legal basis of the processing is concerned. Accordingly, the six legal bases that allow the collection and processing of personal data are the data subject’s consent, the performance of a contract, compliance with a legal obligation, protection of vital interests of the data subject, performance of a public task, and legitimate interests of the data controller.

Data subjects must be notified about the types of information collected and how and for how long it will be collected. Data subjects must also be informed if their sensitive personal data is collected.

Penalties for noncompliance are based on the GDPR, i.e. up to a €20 million fine or 4% of gross global annual turnover for the previous financial year, whichever is higher. Violations of certain requirements such as that of processing of personal data in relation to consumer loans may be punished by an administrative fine of up to €50,000.

The Solution

Securiti enables organizations to comply with Germany’s BDSG through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti automates data operations, increases data visibility, and provides data mapping capabilities to assist firms to comply with Germany's BDSG.

Learn how our comprehensive PrivacyOps platform can assist you in meeting the requirements of various sections of Germany’s BDSG.


Germany BDSG Compliance Solution

With its state-of-the-art artificial intelligence and machine-learning-based tools, Securiti is a market leader in providing data governance and compliance solutions.

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.


Automate consumer data access request handling

BDSG Sections 27, 28, 29, 34, 57 & GDPR Article 15

Companies must make the procedure of filing verified DSR requests as simple as feasible, and data subjects must be aware of their data privacy rights. The risk of compliance violations and the human effort required to comply with all requests will be greatly reduced by automating secure data access reports.

DSR Workbench BDSG
dsr requests

Secure fulfillment of data access requests

BDSG Section 29 & GDPR Article 15

Entities that want to comply must provide information to data subjects within a specific time frame after receiving a confirmed data request. This functionality will be provided at no cost and via a secure, centralized gateway.

Automate the processing of rectification requests

BDSG Sections 28, 29, 58 & GDPR Article 16

With the help of automation, you can effortlessly execute all data rectification requests and receive visibility into data subject verification workflows across all appearances of a subject's personal data.

data rectify request
data erasure request

Automate erasure requests

BDSG Sections 35, 74 & GDPR Article 17

Using an integrated automated and customizable option, quickly fulfill data subject requests for erasure, destruction, and/or anonymization.

Monitor and track consent

BDSG Sections 26, 51 & GDPR Articles 6, 7, 9

Track data subjects' revocation of consent to avoid data transmission or processing without their permission. Demonstrate consent compliance to authorities and data subjects in a seamless manner.

personal data monitoring tracking
Internal Assessment Automation

Assess Readiness

BDSG Sections 38, 47, 48, 64, 71 & GDPR Articles 5, 24, 25

You can analyze your organization's compliance with Germany’s BDSG, discover gaps, and mitigate risks using our multi-regulation, collaborative, preparedness, and privacy impact assessment solution. Seamlessly expand assessment capabilities throughout your vendor ecosystem to stay compliant with Germany’s BDSG.

Automate object and restriction of processing requests

BDSG Sections 29, 34, 37 & GDPR Articles 18, 19

Seamlessly fulfill data rectification requests with automated data subject verification and rectification workflows across all appearances of a subject’s personal data.

Personal Data Processing Restriction
Data Flow Mapping

Map data flows and generate reports

GDPR Article 30

Track data flows within your organization, trace data, classify, transfer, and document business process flows both within internal departments and third parties.

Automate data breach response notifications

BDSG Sections 65, 66 & GDPR Articles 33, 34

Utilizes a knowledge database on security incident diagnosis and response to automate compliance activities and breach notifications to interested parties concerning security events.

breach response notification
manage vendor risk

Manage vendor risk

BDSG Sections 62 & GDPR Article 28

Keep track of your service providers' privacy and security readiness from a single interface. Work with vendors in real-time, automate data requests and deletions, and keep track of all vendor contracts and compliance documentation.

Meet cookie compliance

GDPR Articles 6, 7, 21

Scan your organization's web properties and automatically categorize tags and cookies. Create customizable cookie banners, obtain consent, and provide a preference center, among other things.

Germany BDSG Cookie Consent Compliance
Privacy Policy Creation And Management

Privacy policy and notice management

BDSG Sections 29, 32, 33, 56 & GDPR Articles 12, 13

Use pre-built templates and customize them to fit your company's needs. Make your privacy notices available in various languages and automate adjustments to your privacy policy and notice.

Key Rights Under Germany’s BDSG

BDSG provides the same rights to data subjects as that provided under the GDPR. However, it provides for limitations of data subject’s rights under certain circumstances:

Right of Access

Data subjects have the right to access any data collected by the data handler. The right of access may be limited in several specific situations such as in the case of secrecy obligations and in the case of data processing for research and statistical purposes.

Right to be informed

All data subjects have the right to information to be provided when personal data is collected from them, directly or indirectly. The right to be informed may be limited.

Right to Object

Data subjects have the right to object to any further data collection. The right to object may be limited in the case of data processing for archiving purposes in the public interest.

Right to Request Erasure

All data subjects have the right to request deletion of their data. BDSG limits the exercise of the right to erasure in case of non-automated processing where the erasure would be impossible or involve a disproportionate effort.

Right to Rectification

Right to correct personal data. The right to rectification is limited if personal data is processed for archiving purposes in the public interest and in cases of data processing for scientific or historical research or for statistical purposes to the extent that it is likely to seriously impair the achievement of such research/purposes.

Right to Restriction of Processing

Right to temporarily stop the processing of personal data. This right does not apply if it is likely to seriously impair the achievement of the research or statistical purposes.

Right to Data Portability

Right to receive data in a structured, commonly-read, and machine readable format. The right is limited in the case of data processing for archiving purposes in the public interest.

Right to Object

Right to object to the processing under certain circumstances including the right to withdraw consent. This right does not apply if it is likely to seriously impair the achievement of the research or statistical purposes.

Right to Object to Automated Decision-Making

Data subjects have the right to request that the data handler stops automated decision-making and profiling based on the data collected by the data handler. This right does not apply if the decision is made in the context of providing services under an insurance contract under certain circumstances.

Facts Related to Germany’s BDSG


The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act enacted to implement the GDPR in Germany.


The BDSG supplements the GDPR while giving local German regulatory authorities the power to more effectively implement it on a national level.


The BDSG contains specific provisions for the processing of employees’ personal data. Where an employee's consent is obtained, it must be freely given and must be in writing or electronic form.


The BDSG requires organizations subject to a data breach to inform the regulatory body without any undue delay and not later than 72 hours after becoming aware of the incident.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report