Germany is the first EU Member State to enact a new Data Protection Act to align with the GDPR

On 5 July 2017, almost a year before the General Data Protection Regulation (EU/2016/679, the “GDPR”) applies, the new German Federal Data Protection Act (‘Bundesdatenschutzgesetz’), the so-called German Data Protection Amendment Act (the “GDPAA”), passed the final stage of the legislative process. It has been countersigned by the German Federal President and published in the Federal Law Gazette.

The GDPAA will, with one exception outlined below, enter into force on 25 May 2018, and will substantially change the current German Federal Data Protection Act in order to align it with the GDPR, to make use of its derogations, and to implement the Law Enforcement Directive (EU/2016/680).

Although the GDPR directly applies across the EU and its provisions prevail over national law, Member States retain the ability to introduce their own national legislation based on certain derogations provided for by the GDPR. These derogations include national security, prevention and detection of crime, and also apply in certain other important situations – the so-called ‘opening clauses’.