Law: Berlin Data Protection Act (BlnDSG) of 13 June 2018 (only available in German here)

Regulator: Berlin data protection authority

Summary: Berlin implemented the GDPR through the Berlin Data Protection Act (BlnDSG) of June 13, 2018 (only available in German here), which came into effect on June 24, 2018.

The BInDSG provides for derogations from the GDPR and data protection requirements within Berlin. Several of the provisions in the BInDSG relate to public sector activities. The BInDSG also considers requirements regarding data subject rights, special processing situations and purposes, and specifying technical and organizational measures.

The Berlin data protection authority (the Berlin Commissioner) is the supervisory authority under the BInDSG and is a particularly active regulator. The Berlin Commissioner has issued several pieces of guidance and detailed requirements in many areas, including direct marketing and data processing contracts of web hosts. The Berlin Commissioner has also issued considerable fines in the past, including a €300,000 fine for lack of transparency in automated decision-making.