The Federal Data Protection Act (BDSG) applies to the Federal Republic of Germany and regulates personal rights when dealing with personal data. This federal law describes the technical and organizational measures that must be taken to ensure compliance with the Federal Data Protection Act.
Data protection includes all data that can be processed and stored with electronic data processing systems in the public and non-public sectors, as well as data processing in files and on image and sound media.
The first version of the Federal Data Protection Act (BDSG) was passed in 1977 under the title: "Act to protect against misuse of personal data in data processing". Revised versions appeared in 1990 and 2009.
The Federal Data Protection Act sets out the rules for data protection in companies. It states that "persons entrusted with the processing of personal data shall be bound by data secrecy when they commence their activities. This requires, among other things, that the data protection officer familiarize these persons with the data protection requirements to be observed by taking appropriate measures." The BDSG consists of the:
- General provisions explaining the tasks, purpose and terms.
- Data processing by federal authorities and other public bodies.
- Data processing by non-public bodies for their own purposes.
- Business data processing of non-public bodies for third-party purposes.
- Penal and fine provisions.
- Transitional and final provisions.