Bundestag passes the new BDSG
Yesterday, 27.04.2017, the Bundestag passed the new Federal Data Protection Act (BDSG) in second and third reading. The amendments proposed by the Committee on Internal Affairs were taken into account(Bundestag printed paper No. 18/12084). The new BDSG is intended to implement the EU’s General Data Protection Regulation (GDPR). However, the law goes far beyond the necessary adaptation and regulates various contents that are already covered by the GDPR. On the other hand, it is to be welcomed, for example, that the mandatory appointment of a data protection officer is retained for ten or more persons employed in data processing in a company.
The new BDSG is intended to flesh out the provisions of the GDPR and retain known and proven regulations, such as those on credit agencies and scoring, in order to provide supposed legal certainty for citizens and companies. We also heard the statement that companies could continue to use previously obtained consents – which we consider very questionable, as the GDPR explicitly requires that all consent forms used must meet the requirements of the GDPR. There are also many concerns about the other regulations with regard to their compliance with European law. Jan Philipp Albrecht, who had a decisive influence on the regulation as rapporteur in the EU Parliament, told Golem.de: “[…] the result could still be contrary to European law.
How to deal with the new BDSG?
We consider it questionable whether the regulations of the new BDSG can actually be used in practice or whether companies risk a breach of the GDPR as a result. We therefore generally recommend taking into account the stricter regulation in each case – which mostly results from the GDPR. In individual cases, however, it can be examined whether recourse to the simplified regulations of the new BDSG is possible. It remains to be seen how the new BDSG will hold up in practice.
For questions regarding the new BDSG, please contact: Dr. Stefan Drewes, phone: +49 228.90248070; e-mail: