Law: Bremen Implementation Act to the EU General Data Protection Regulation (BremDSGVOAG) of 8 May 2018 (only available in German here)

Regulator: Bremen data protection authority (the Bremen Commissioner)

Summary: Bremen implemented the GDPR through the Bremen Implementation Act to the EU General Data Protection Regulation of May 8, 2018 (BremDSGVOAG) (only available in German here), which came into effect on May 25, 2018.

The BremDSGVOAG provides for derogations from the GDPR and data protection requirements within Bremen. The BremDSGVOAG sets out provisions for a range of specific processing situations, such as processing in the employment context and video surveillance, as well as establishing exemptions from certain requirements for public bodies.

The Bremen data protection authority (the Bremen Commissioner) is the supervisory authority under the BremDSGVOAG. The Bremen Commissioner has issued notable fines in the past, including a €1.9 million fine for violations regarding legal basis and transparency. The Bremen Commissioner has released several pieces of guidance on specific topics such as photocopiers and name tags, and Data Protection Impact Assessments.