Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Germany: BfDI releases a statement the NIS-2 Implementation and Cyber Security Strengthening Act
On July 3, 2024, the Federal Commissioner for Data Protection and Freedom of Information (BfDI) announced that it published a statement on the NIS-2 Implementation and Cyber Security Strengthening Act of June 24, 2024, to the Federal Ministry of the Interior and Home Affairs.
The BfDI highlights in its statement the lack of clarity as to why the reporting obligation to the data protection authority is only triggered in case of 'obvious' data protection violations and excessive restrictions to rights to information.
Furthermore, the statement outlines several issues and observations regarding changes to the Act on the Federal Office for Information Security (BSI Act - BSIG), including:
- the 'telemedia' should be replaced with 'digital service' to align with the Digital Services Act;
- the provisions should include that the Federal Office for Information Security (BSI) must submit lists of systems to be checked regarding security risks for networks and IT at regular intervals to the BfDI;
- regarding the obligation to grant access to information, the BfDI finds that the deadline is too short, which presents the risks of service providers releasing too much data, that requirements for sufficient justification of application should be included in the law, and that the law does not foresee any consequences for releasing information without authorization; and
- to avoid double sanctioning, the BSI should consult the BfDI on imposed fines.
You can read the press release here and the statement here, both only available in German.