The German legislature has used the opening clauses of the DSGVO relatively extensively to create separate regulations for data protection in Germany.
Below you will find the additions and derogations from the GDPR on the most important topics of data protection that companies need to know. If topics are not linked, there are no derogating provisions in national data protection law
- Specific data protection law and official guidelines
- Substantive and territorial scope (no regulations deviating from the GDPR)
- Definitions
- Legal principles (no regulations deviating from the GDPR)
- Legal basis
- Sensitive data
- Informing requirements
- E-marketing (new regulation by ePrivacy Regulation remains to be seen)
- Cookies
- Automated decision-making
- Rights of data subjects
- Processing on behalf of a controller (no regulations deviating from the GDPR)
- Records of processing activities
- Data security (no regulations deviating from the GDPR)
- Data breaches
- Data protection impact assessment (DPIA)
- Data protection officer
- Certification (no regulations deviating from the GDPR)
- Data transfer (no regulations deviating from the GDPR)
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research
