Law: Bavarian Data Protection Act (BayDSG) of 15 May 2018 (only available in German here)

Regulator: Data Protection Authority of Bavaria for the Private Sector (BayLDA) and Bavarian data protection authority (BayLfD)

Summary: Bavaria implemented the GDPR through the Bavarian Data Protection Act (BayDSG) of May 15, 2018, which came into effect on May 25, 2018.

The BayDSG provides for derogations from the GDPR and data protection requirements within Bavaria. These include detailing obligations for special processing purposes, such as video surveillance, exemptions from certain provisions for public sector activities, and when personal data may be collected from third parties.

The Data Protection Authority of Bavaria for the Private Sector (BayLDA) and the Bavarian data protection authority (BayLfD) are the supervisory authorities under the BayDSG. Unlike the other German Länders, supervisory authorities are split between public and private sectors, the latter of which is regulated by the BayLDA. Both the supervisory authorities frequently release guidance on relevant privacy topics.