🇩🇪GermanyActive
GDPR compliance in Germany
Germany supplements GDPR with the BDSG and has 16 state-level DPAs. BfDI handles federal matters while each Bundesland has its own authority.
Enforcement authority
BfDI (federal) + 16 state-level DPAs (Landesdatenschutzbeauftragte)
Maximum sanctions
German DPAs have issued significant fines. H&M received EUR 35 million from Hamburg DPA.
Obligations
Key obligations
What GDPR requires from organizations operating in Germany.
Comply with BDSG employee data protection provisions
Appoint a DPO (mandatory for 20+ employees processing personal data)
Follow state-level DPA guidance in addition to federal rules
Implement works council consultation for employee monitoring
Local context
Local context in Germany
Germany's decentralized system means enforcement can vary by state. Bavaria and Hamburg are particularly active.
Frequently asked questions
How does GDPR apply in Germany?
Germany supplements GDPR with the BDSG and has 16 state-level DPAs. BfDI handles federal matters while each Bundesland has its own authority.
Who enforces GDPR in Germany?
BfDI (federal) + 16 state-level DPAs (Landesdatenschutzbeauftragte)
What are the penalties for GDPR non-compliance?
German DPAs have issued significant fines. H&M received EUR 35 million from Hamburg DPA.
GDPR in other jurisdictions
Check your GDPR compliance now
Start free scan to see your risk score and applicable obligations.