An overview of the most important basics of data protection serves as a basis for making decisions about future data protection measures in your company.


Federal Constitutional Court, judgment of December 15, 1983 – 1 BvR 209/83, BVerfGE 65, 1 = NJW 1984, 418
In some Member States the protection of personal data was regulated very early on. The world’s first data protection law came into force in Hesse (Germany) in 1970. National data protection laws still apply in all current member states of the European Union up to and including May 24, 2018. These implement the EU directive 95/46/EG. The current regulations grant natural persons a certain – but not yet sufficient – protection against misuse of the personal data concerning them. Therefore, the General Data Protection Regulation applies from May 25, 2018. The Union legislature also prominently grants the individual whose personal data is processed fundamental rights protection, Art. 8 GRCh. In some member states, however, this was already recognized before the Charter of Fundamental Rights came into force. The basic right to informational self-determination in the Federal Republic of Germany was created in 1983 by the Federal Constitutional Court, which derived it from Article 1(1), Article 2(1) of the Basic Law (1). It should now be undisputed that personal data must be adequately protected.


We briefly present some of the legal bases here.

Federal Data Protection Act (BDSG)

Privacy Policy 95/46EG

Data protection as a fundamental right

General Data Protection Regulation (GDPR)

It can be difficult for an internal data protection officer to maintain an overall view of the data protection regulations and cross-border case law that apply to a person responsible.

The employees of the German Society for Data Protection are constantly undergoing further training and monitor legislation and case law, because changes always affect the majority of clients.