Germany’s Bundesdatenschutzgesetz (BDSG), known in English as the Federal Data Protection Act, was enacted in May 2018 to implement the GDPR in Germany. The law applies to all data controllers and processors that process personal data in Germany or in the context of the activities of an establishment of the controller or processor in Germany. It applies to both private and public bodies of the Federation as well as public bodies of the Länder, especially where data protection is not governed by Land law.
Since the BDSG implements and supplements the GDPR, there are no variations from the GDPR as far as the legal basis of the processing is concerned. Accordingly, the six legal bases that allow the collection and processing of personal data are the data subject’s consent, the performance of a contract, compliance with a legal obligation, protection of vital interests of the data subject, performance of a public task, and legitimate interests of the data controller.
Data subjects must be notified about the types of information collected and how and for how long it will be collected. Data subjects must also be informed if their sensitive personal data is collected.
Penalties for noncompliance are based on the GDPR, i.e. up to a €20 million fine or 4% of gross global annual turnover for the previous financial year, whichever is higher. Violations of certain requirements such as that of processing of personal data in relation to consumer loans may be punished by an administrative fine of up to €50,000.
Securiti enables organizations to comply with Germany’s BDSG through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti automates data operations, increases data visibility, and provides data mapping capabilities to help firms comply with Germany's BDSG.
Learn how our comprehensive PrivacyOps platform can assist you in meeting the requirements of various sections of Germany’s BDSG.
Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.
BDSG Sections 27, 28, 29, 34, 57 & GDPR Article 15
Companies must make the procedure of filing verified DSR requests as simple as feasible, and data subjects must be aware of their data privacy rights. The risk of compliance violations and the human effort required to comply with all requests will be greatly reduced by automating secure data access reports.
BDSG Section 29 & GDPR Article 15
Entities that want to comply must provide information to data subjects within a specific time frame after receiving a confirmed data request. This functionality will be provided at no cost and via a secure, centralized gateway.
BDSG Sections 28, 29, 58 & GDPR Article 16
With the help of automation, you can effortlessly execute all data rectification requests and receive visibility into data subject verification workflows across all appearances of a subject's personal data.
BDSG Sections 35, 74 & GDPR Article 17
Using an integrated automated and customizable option, quickly fulfill data subject requests for erasure, destruction, and/or anonymization.
BDSG Sections 26, 51 & GDPR Articles 6, 7, 9
Track data subjects' revocation of consent to avoid data transmission or processing without their permission. Demonstrate consent compliance to authorities and data subjects in a seamless manner.
BDSG Sections 38, 47, 48, 64, 71 & GDPR Articles 5, 24, 25
You can analyze your organization's compliance with Germany’s BDSG, discover gaps, and mitigate risks using our multi-regulation, collaborative, preparedness, and privacy impact assessment solution. Seamlessly expand assessment capabilities throughout your vendor ecosystem to stay compliant with Germany’s BDSG.
BDSG Sections 29, 34, 37 & GDPR Articles 18, 19
Seamlessly fulfill data rectification requests with automated data subject verification and rectification workflows across all appearances of a subject’s personal data.
GDPR Article 30
Track data flows within your organization, trace data, classify, transfer, and document business process flows both within internal departments and third parties.
BDSG Sections 65, 66 & GDPR Articles 33, 34
Utilizes a knowledge database on security incident diagnosis and response to automate compliance activities and breach notifications to interested parties concerning security events.
BDSG Section 62 & GDPR Article 28
Keep track of your service providers' privacy and security readiness from a single interface. Work with vendors in real-time, automate data requests and deletions, and keep track of all vendor contracts and compliance documentation.
GDPR Articles 6, 7, 21
Scan your organization's web properties and automatically categorize tags and cookies. Create customizable cookie banners, obtain consent, and provide a preference center, among other things.
BDSG Sections 29, 32, 33, 56 & GDPR Articles 12, 13
The BDSG gives data subjects the same rights as those provided under the GDPR. However, it limits data subjects’ rights under certain circumstances:
Data subjects have the right to access any data collected by the data handler. The right of access may be limited in several specific situations such as in the case of secrecy obligations and in the case of data processing for research and statistical purposes.
All data subjects have the right to information to be provided when personal data is collected from them, directly or indirectly. The right to be informed may be limited.
Data subjects have the right to object to any further data collection. The right to object may be limited in the case of data processing for archiving purposes in the public interest.
All data subjects have the right to request deletion of their data. BDSG limits the exercise of the right to erasure in case of non-automated processing where the erasure would be impossible or involve a disproportionate effort.
Right to correct personal data. The right to rectification is limited if personal data is processed for archiving purposes in the public interest and in cases of data processing for scientific or historical research or for statistical purposes to the extent that it is likely to seriously impair the achievement of such research/purposes.
Right to temporarily stop the processing of personal data. This right does not apply if it is likely to seriously impair the achievement of the research or statistical purposes.
Right to receive data in a structured, commonly read, and machine-readable format. The right is limited in the case of data processing for archiving purposes in the public interest.
Right to object to the processing under certain circumstances including the right to withdraw consent. This right does not apply if it is likely to seriously impair the achievement of the research or statistical purposes.
Data subjects have the right to request that the data handler stops automated decision-making and profiling based on the data collected by the data handler. This right does not apply if the decision is made in the context of providing services under an insurance contract under certain circumstances.
The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act enacted to implement the GDPR in Germany.
The BDSG supplements the GDPR while giving local German regulatory authorities the power to more effectively implement it on a national level.
The BDSG contains specific provisions for the processing of employees’ personal data. Where an employee's consent is obtained, it must be freely given and must be in writing or electronic form.
The BDSG requires organizations subject to a data breach to inform the regulatory body without any undue delay and not later than 72 hours after becoming aware of the incident.