Law: Saarland Data Protection Act (SDSG) of 16 May 2018 (only available in German here)

Regulator: Saarland data protection authority

Summary: Saarland implemented the GDPR through the Saarland Data Protection Act of May 16, 2018 (SDSG) (only available in German here), which became effective on May 25, 2018.

The SDSG provides for derogations from the GDPR and data protection requirements within Saarland. In particular, the SDSG is a detailed piece of legislation and addresses special purposes of processing, public sector activities, and data subject rights, as well as processing sensitive data, Data Protection Impact Assessments (DPIA), and automated processing. The Saarland data protection authority has released extensive guides for data processors, DPIA, and data protection officers.