Germany
Summary
Law: Federal Data Protection Act of 30 June 2017 (implementing the GDPR) (as amended) (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).
Regulator: The Federal Commissioner for Data Protection and Freedom of Information (BfDI). Please note that there are also regional laws and regulators.
Summary: Germany is composed of a federation and 16 Länder that have complementary competencies in the privacy sector. In addition to the Act, every Land has adopted its own regional data protection law implementing the GDPR, which applies to the public sector and has priority over the Act. Further information on each Land, as well as federal activities, is available through the jurisdiction dashboard links below.