Federal Data Protection Act

On August 20, 2015, the Bavarian Data Protection Authority issued a press release stating that it imposed a significant fine on a data controller for failing to adequately specify the security controls protecting personal data in a data processing agreement with a data processor.
Continue Reading German DPA Fines Data Controller for Inadequate Data Processing Agreement

As of September 1, 2012, all personal data in Germany may only be processed and used for marketing purposes (including address trading) with the express opt-in consent of the affected individuals. This blog entry provides a brief overview of some exceptions to the new rules.
Continue Reading Stricter Enforcement of German Advertising and Marketing Rules Effective September 1

On February 3, 2011, the German Federal Commissioner for Data Protection and Freedom of Information issued a press release announcing that it has approved the privacy policy formulated by Deutsche Post DHL, thereby allowing the company to transfer personal data abroad without having to obtain approval in individual cases.

Continue Reading German Federal DPA Approves Binding Corporate Rules of Deutsche Post DHL

The German Federal Ministry of the Interior recently published a paper outlining the key issues addressed in an employee data protection law it is currently drafting.

Continue Reading German Ministry Releases Key Issues Paper on Upcoming Employee Data Protection Regulation

On July 3, 2009, the German Federal Parliament passed comprehensive amendments to the Federal Data Protection Act (the “Federal Act”). These amendments also passed the Federal Council on July 10, 2009, and the revised law will enter into force on September 1, 2009. The new amendments cover a range of data protection-related issues, including marketing,