Law: Saxon Data Protection Act (SächsDSG) of 25 August 2003, as amended to implement the GDPR (only available in German here)

Regulator: Saxon data protection authority (SächsDSB)

Summary: Saxony implemented the GDPR through the Saxon Data Protection Act of August 25, 2003, as amended to implement the GDPR (SächsDSG) (only available in German here).

The SächsDSG provides for derogations from the GDPR and data protection requirements within Saxony. Compared to other State-level German data protection laws, the SächsDSG is slightly more detailed and addresses a marginally wider range of topics. In particular, there are additional provisions related to data subject rights and data transfers. The Saxon data protection authority (SächsDSB) is the supervisory authority under the SächsDSG. The SächsDSB has issued a number of guidance, including on the use of cookies and the processing of employee personal data.