The German Federal Law for Data Protection (BDSG) regulates handling personal data, which are processed manually in IT-systems or together with the data protection acts of the Lands of the Federal Republic and other range-more specific regulations (see also: Data security).

Historical development

Isolated there were already for a long time regulations, those the protection of the served (Beichtgeheimnis, medical professional secrecy, tax secret, post office secret). Considerations to a comprehensive data security took their beginning into the 1960er year in the USA and accompanied with the development of the computer technology and the associated dangers for the (privacy).

In Germany opened [[Hessen 1970 with the first data protection act of the world the Reigen of the data protection act giving. After the census judgement of the Federal Constitutional Court 1983 it was clear that the past data protection acts did not meet the constitutional requirements. These had to be amended within an appropriate period. 1986 discharged Hessen as the first Land of the Federal Republic a new data protection act, 1990 were also the federation so far.]]

An express authority of the federation for the comprehensive regulation of the data security does not contain the Basic Law. The regulation authority for a Federal Law for Data Protection results from the resort to the legislation competencies for different ranges, which are for the data security of importance. For the data security in the range of application of the public administration this is the legislation for the administrative proceedings (kind 70 FF. i. V.M. kind 84 exp. 1, 85 exp. 1 and 86 GG). The data processing is used as work and organizational resource and is thereby the range of the administrative proceedings to be assigned. Data protection regulations under Federal law can be issued therefore for the administrative activity of the federation as well as for those of the countries, municipalities and municipality federations, as far as implement this Federal Law; within the range it requires the local execution of Federal Law for this the agreement of the Upper House of Parliament. For the legal regulation of the protection of the in closed ranges the legislative competence of the federation is based on the respective specific competence, thus on its competence specified in the GG among other things for the legislation on the area of the economic, work, civilian, punishing and procedural law.

Overview of the BDSG

The BDSG consists of six sections:

• In the first section ("§"§ 1-11) general and common regulations are described,
• in the second section ("§"§ 12-26) the data processing for public places and
• regulated in the third section ("§"§ 27-38a) for private places.
• The fourth section ("§"§ 39-42) contains special regulations,
• in the fifth section ("§"§ 43-44) punishing and legal regulations covering fines become and
• called in the sixth section ("§"§ 45-46) transitional regulations.

General and common regulations

• "§ 1 paragraph 1 BDSG says:

Purpose of this law is it to protect the particular against the fact that it is impaired by handling its personal data in its personality right.

Principles

A substantial principle of the law is the exclusion principle in such a way specified with permission reservation. This means that the collection, processing and use of personal data are forbidden in principle. It is permitted only if either a clear legal basis is given (that is, the law permits the data processing in this case) or if expressly (usually in writing) its agreement gave the persons concerned for the collection, processing and use. The applied procedures with automated processing are to be examined from (official or operational) the commisioner for data protection to, or (if such is missing) with the responsible national commisioner for data protection indicate requiring.

Likewise the principle of data avoidance and data thriftiness defined in "§ 3a applies: So all data processing systems at the goal are to align themselves, no or as little personal data as using and in particular of making from the possibilities of the anonymization and Pseudonymisierung use possible.

Protected data

Is regulated handling with personal data. Data are personal, if they describe personal or material conditions of a natural person. In addition it, if the person is not in particular designated, is sufficient but is assignable (for example: Telephone number, E-Mail address, IP address with the Surfen, personnel number).

In contrast to it anonymous data stand, with which the person is unknown (thus undeterminably). Aliases data, with which the name is replaced by a pseudonym, fall however again under the area of application of the BDSG, because it concerns thereby data of assignable persons. Since it is however more to judge from the alias the owner the informational right of self-determination is hereby better protected, than with e.g. names.

Into the area of application of the BDSG data do not fall over legal entities (GmbHs, AGs etc.).

Particularly to be protected sensitive data so mentioned in accordance with "§ 3 exp. 9 BDSG, i.e. data over rassische and ethnical origin, the political opinion, religious or philosophical convictions, the union membership, the health and the Sexualleben.

With these data the exclusion principle with permission reservation is still more closely defined by an exception catalog and an express consent of the concerning necessarily.

Material range of application

The BDSG regulates the following activities: The data acquisition, the data processing and the data use. Belonged to the processing thereby storing, changing, conveying, barriers and deletion Daten.Auch are regulated in the BDSG, which rights and obligations the supervisory authorities for the data security to have.

Spatial range of application

With a seat in principle the seat principle applies for the responsible person place in the EG/EWR foreign country, i.e. the seat of the responsible persons place is relevant for the national right. A company with seat in France for example can export its French right during the data processing in Germany.

If the place has however an address in Germany, in principle the territorial principle applies, i.e. it applies the German BDSG. This applies likewise to places, which have a seat in a not EEC EWR state.

Standard addressee

In the BDSG distinctive between data security of national ("public") and of private ("closed") places. Public competition enterprises, which stand in the competition to private enterprises (e.g. the German course), become like private places treated.

Data processing of the private places

Each private place (e.g. Enterprise), in which five or more employee are busy with the treatment of personal data, needs a commisioner for data protection (short FCB).

Against a common view the oft-quoted close time ("§ 45 BDSG) applied for the close time to the order Datenschutzbeauftragten.Vielmehr not tried offerer also accumulates to 23. May 2004 this date to use around the topic of commisioners for data protection again in the discussion too bringen."§ 45 BDSG speaks only of already more existenter (E) data processing.

The obligations of the processing (responsible persons!) Are assigned to place always to the management. Independently of the order of a commisioner for data protection they cover among other things:

• Grant of the concerning rights (notification, information, correction, blockage, deletion),
• transparent and documented EDP (procedure listing),
• Protection of the EDP and the data in the sense of IT-security,
• Comprehensibleness from accesses, changes and passing on third.

Articles in category "Federal Law for Data Protection"

We found here 5 articles.