Logo Federal Ministry of JusticeLogo Federal Office of Justice

Federal Data Protection Act
(BDSG)

Full text in format:   HTML  PDF   text in German

Übersetzung durch den Sprachendienst des Bundesministeriums des Innern

Translations provided by the Language Service of the Federal Ministry of the Interior

Stand: Die vorliegende Übersetzung berücksichtigt die Änderung(en) des Gesetzes durch Artikel 10 des Gesetzes vom 23. Juni 2021 (BGBl. I S. 1858; 2022 I S. 1045).
Der Stand der deutschsprachigen Dokumentation kann aktueller sein. Vergleichen Sie dazu bitte http://www.gesetze-im-internet.de/bdsg_2018/BJNR209710017.html.

Version information: The English translation includes the amendments to the Act by Article 10 of the Act of 23 June 2021 (Federal Law Gazette I, p. 1858; 2022 I p. 1045).
Translations may not be updated at the same time as the German legal provisions displayed on this website. To compare with the current status of the German version, see http://www.gesetze-im-internet.de/bdsg_2018/BJNR209710017.html.

Zur Nutzung dieser Übersetzung lesen Sie bitte den Hinweis unter "Translations".

For conditions governing use of this translation, please see the information provided under "Translations".

           
Part I
Common provisions
Chapter 1
Scope and definitions
Section 1Scope of the Act
Section 2Definitions
Chapter 2
Legal basis for processing personal data
Section 3Processing of personal data by public bodies
Section 4Video surveillance of publicly accessible spaces
Chapter 3
Data protection officers of public bodies
Section 5Designation
Section 6Position
Section 7Tasks
Chapter 4
Federal Commissioner for Data Protection and Freedom of Information
Section 8Establishment
Section 9Competence
Section 10Independence
Section 11Appointment and term of office
Section 12Official relationship
Section 13Rights and obligations
Section 14Tasks
Section 15Activity reports
Section 16Powers
Chapter 5
Representation on the European Data Protection Board, single contact point, cooperation among the federal supervisory authorities and those of the Länder concerning European Union matters
Section 17Representation on the European Data Protection Board, single contact point
Section 18Procedures for cooperation among the federal and Länder supervisory authorities
Section 19Responsibilities
Chapter 6
Legal remedies
Section 20Judicial remedy
Section 21Application of the supervisory authority for a court decision if it believes that an adequacy decision by the European Commission violates the law
Part 2
Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679
Chapter 1
Legal basis for processing personal data
Sub-chapter 1
Processing of special categories of personal data and processing for other purposes
Section 22Processing of special categories of personal data
Section 23Processing for other purposes by public bodies
Section 24Processing for other purposes by private bodies
Section 25Transfer of data by public bodies
Sub-chapter 2
Special processing situations
Section 26Data processing for employment-related purposes
Section 27Data processing for purposes of scientific or historical research and for statistical purposes
Section 28Data processing for archiving purposes in the public interest
Section 29Rights of the data subject and powers of the supervisory authorities in the case of secrecy obligations
Section 30Consumer loans
Section 31Protection of commercial transactions in the case of scoring and credit reports
Chapter 2
Rights of the data subject
Section 32Information to be provided where personal data are collected from the data subject
Section 33Information to be provided where personal data have not been obtained from the data subject
Section 34Right of access by the data subject
Section 35Right to erasure
Section 36Right to object
Section 37Automated individual decision-making, including profiling
Chapter 3
Obligations of controllers and processors
Section 38Data protection officers of private bodies
Section 39Accreditation
Chapter 4
Supervisory authorities for data processing by private bodies
Section 40Supervisory authorities of the Länder
Chapter 5
Penalties
Section 41Application of provisions concerning criminal proceedings and proceedings to impose administrative fines
Section 42Penal provisions
Section 43Provisions on administrative fines
Chapter 6
Legal remedies
Section 44Proceedings against a controller or processor
Part 3
Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680
Chapter 1
Scope, definitions and general principles for processing personal data
Section 45Scope
Section 46Definitions
Section 47General principles for processing personal data
Chapter 2
Legal basis for processing personal data
Section 48Processing of special categories of personal data
Section 49Processing for other purposes
Section 50Processing for archiving, scientific and statistical purposes
Section 51Consent
Section 52Processing on instructions from the controller
Section 53Confidentiality
Section 54Automated individual decision
Chapter 3
Rights of the data subject
Section 55General information on data processing
Section 56Notification of data subjects
Section 57Right of access
Section 58Right to rectification and erasure and to restriction of processing
Section 59Modalities for exercising the rights of the data subject
Section 60Right to lodge a complaint with the Federal Commissioner
Section 61Legal remedies against decisions of the Federal Commissioner or if he or she fails to take action
Chapter 4
Obligations of controllers and processors
Section 62Processing carried out on behalf of a controller
Section 63Joint controllers
Section 64Requirements for the security of data processing
Section 65Notifying the Federal Commissioner of a personal data breach
Section 66Notifying data subjects affected by a personal data breach
Section 67Conducting a data protection impact assessment
Section 68Cooperation with the Federal Commissioner
Section 69Prior consultation of the Federal Commissioner
Section 70Records of processing activities
Section 71Data protection by design and by default
Section 72Distinction between different categories of data subjects
Section 73Distinction between facts and personal assessments
Section 74Procedures for data transfers
Section 75Rectification and erasure of personal data and restriction of processing
Section 76Logging
Section 77Confidential reporting of violations
Chapter 5
Transfers of data to third countries and to international organizations
Section 78General requirements
Section 79Data transfers with appropriate safeguards
Section 80Data transfers without appropriate safeguards
Section 81Other data transfers to recipients in third countries
Chapter 6
Cooperation among supervisory authorities
Section 82Mutual assistance
Chapter 7
Liability and penalties
Section 83Compensation
Section 84Penal provisions
Part 4
Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 and Directive (EU) 2016/680
Section 85Processing of personal data in the context of activities outside the scope of Regulation (EU) 2016/679 and Directive (EU) 2016/680
Section 86Processing of personal data for purposes of government awards and honours