BDSG

The BDSG supplements GDPR with German-specific rules where EU law allows national flexibility. It contains detailed provisions for employment data processing, public sector data handling, video surveillance, and data protection officers. German data protection authorities at federal and state levels supervise compliance.

Germany’s Federal Data Protection Act (BDSG) works alongside GDPR to form the complete data protection framework in Germany. While GDPR provides the primary rules, BDSG exercises national opening clauses for specific areas. Employment data processing receives detailed regulation, covering recruitment, employee monitoring, and works council involvement. Public sector processing rules address federal agencies’ specific obligations. Video surveillance in publicly accessible areas has enhanced requirements. The BDSG also specifies when data protection officers are mandatory (beyond GDPR minimums), addresses credit scoring, and sets rules for automated decision-making. Germany’s federal structure means enforcement is split between the BfDI (Federal Commissioner) for federal bodies and sixteen state authorities for private sector and state-level public bodies.