Law: Federal Data Protection Act of 30 June 2017 (implementing the GDPR) (as amended) ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
Regulator: The Federal Commissioner for Data Protection and Freedom of Information ('BfDI'). Please note that there are also regional laws and regulators.
Summary: Germany is composed of a federation and 16 Länder that have complementary competences in the privacy sector. In addition to the Act, every Land has adopted its own regional data protection law implementing the GDPR, which apply to the public sector and have priority over the Act. Further information on each Land as well as federal activities is available through the jurisdiction dashboard links below.