
Publication Answers Questions about German Data Breach Notification Requirements

The German Data Protection Authorities (DPAs) of Berlin and North Rhine-Westphalia have issued a paper to answer questions about the German statutory data breach notification requirement. Although the data breach notification requirement was passed into law two years ago, there is considerable confusion over when and how to comply.

German DPAs may impose a fine of up to €300,000 for failing to provide notification of a data breach, or for failing to provide notification correctly, completely, or in a timely manner. Some see the paper as a prelude to greater enforcement in the near future.

It remains to be seen whether the German data breach notification law will be replaced by a similar requirement in the revised EU Data Protection Directive currently being developed in Brussels. European Commission VP Viviane Reding is quoted in a recent New York Times article, stating that breach notification will be included in the new version of the Union-wide directive due for release this autumn.

Read the paper here.