GDPR Regulations in Germany

If you’ve been looking into opening a subsidiary in Germany sometime in the near future, you are already well aware of how complex navigating the EU’s General Data Protection Regulation (GDPR) on a country-by-country basis is.  Despite the challenges, however, it’s quite possible to navigate these complicated waters with guidance. 


In 2017, Germany updated their former data protection measures with the passage of the Federal Data Protection Act (BDSG), thus commencing their compliance initiatives for the GDPR.  The act is still relatively new, so German authorities have yet to clarify much of the implementation and interpretation of the language.  The BDSG functions as a companion to the GDPR, providing clarification and specificity.  You should be aware, however, that the GDPR takes precedence over the BDSG.


So how do these changes affect companies like yours who are planning to enter the German market? 

We’ve listed here a handful of regulations you should be aware of, with short explanations to give you a taste of what they might mean for you. 


Data Protection Officers: 

Though data protection officers have long been a requirement in Germany, the regulations pertaining to them have changed under Germany’s response to the GDPR.  Today, if your company has 10 or more employees working with the automated processing of personal data, a Data Protection Officer is mandatory.

Be sure to read up thoroughly on data protection officers in the BDSG, as there are additional rules for various circumstances. 


Data Protection for Employees: 

Under the GDPR, EU nations provide their own regulations in this area, so long as they are written and applied to protect employees’ rights.

Certain BDSG rules stand out.  Namely, companies are permitted to process the personal data of employees, so long as it is proven to be necessary for the functioning of the employee-company relationship.  In addition, if enacted in the manner permitted, personal data may be processed for employees under suspicion of criminal offenses.


Scientific or Historical Research:

Luckily, if you utilize personal data in scientific or historical research within your business, there are clear and fair regulations within Germany’s GDPR implementation law. 

If your research data contains personal information on your data subjects, you may have the privilege of certain regulation exemptions, so long as you can prove that your research is required and you follow certain protection measures. 


Keep in mind this is just a mere handful of Germany’s long and complex data protection regulations, so it’s highly recommended you consult a qualified advisor.  Please be aware that the BDSG and GDPR are not the only sets of regulations to be aware of - if you are in the banking, energy, or the telecommunications industry (among others), additional laws may apply to you. 


Expanding into the German market is a big step.  As Europe’s largest economy, Germany is doubtlessly worth the effort, but the legal requirements make your entry a challenge.  Don’t waste your time and energy nitpicking regulations when it’s better spent building your empire.  At Counselhouse, we offer assistance for international clients and yes, we specialize in legal advisory services that help pave a smooth path of entry for businesses like yours. 


Reach out to us today to learn more about how your company can enter the German market with ease.