The data protection laws and regulations at state level lay down the legal requirements that must be satisfied for public authorities and other public bodies in a German state to be allowed to process personal data. Like the Federal Act, the North Rhine-Westphalia Data Protection Act provides that a citizen’s personal data may be processed only if
– processing of the data is permitted under a specific legal provision, or if
– the citizen whose data are to be processed has given his or her consent.
Apart from the general data protection laws there are special laws at both state and federal level that contain data protection provisions governing specific areas. For instance, the North Rhine-Westphalia Police Act includes special provisions concerning data processing by police services. Public authorities have to observe, with precedence, the data protection provisions laid down in the special laws that apply to them.
Data processing by federal authorities and other federal public bodies is governed by the Federal Data Protection Act. However, at the federal level, too, processing of personal data is increasingly regulated by special legislation. For example, the local Labour Offices which report to the Federal Employment Agency are subject to special regulations such as the 10th Volume of the Code of Social Law.
Overview of the BDSG
- First section (§ § 1-11): General and common rules
- Second section (§ § 12-26): Data processing by public bodies
- Third section (§ § 27-38a): Data processing by non-public bodies and public competitor companies
- Fourth section (§ § 39-42): Special provisions
- Fifth section (§ § 43-44): Criminal and civil penalty provisions
- Sixth section (§ § 45-46): Transitional provisions