Law: Data Protection Law North Rhine-Westphalia (DSG NRW) 2018 (only available in German here)

Regulator: North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (LDI NRW)

Summary: North Rhine-Westphalia implemented the GDPR through the Data Protection Law North Rhine-Westphalia of May 17, 2018 (DSG NRW) (only available in German here) which came into force on May 25, 2018.

The DSG NRW provides for derogations from the GDPR and data protection requirements within North-Rhine Westphalia. The DSG NRW is a relatively extensive law compared to the other State-level data protection laws in Germany. In particular, while Chapter 1 echoes the other Länder data protection laws in providing certain exemptions and special requirements, Chapter 2 provides a fuller set of general data protection requirements, including fundamental principles. The North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information (LDI NRW) is the supervisory authority under the DSG NRW. The LDI NRW is quite active and regularly releases guidance covering an extensive range of privacy concerns, including on data transfers and right of access.