SecurePrivacy Logo

Berlin Data Protection Act (BlnDSG)

View Law Text
Maximum Fine
€20M or 4%
Scope
State
Regulator
BlnBDI
Framework
GDPR

Need Help with Berlin Data Protection Act (BlnDSG) Compliance?

Get expert guidance on implementing Berlin's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Berlin Data Protection Act (BlnDSG) implements and supplements the GDPR in Berlin, establishing specific requirements for public authorities and other organizations in Berlin.

Key Facts

  • Enacted in 2018 to align with GDPR
  • Enforced by Berlin Commissioner for Data Protection
  • Focus on public sector requirements

Key Principles

Public Sector Data Processing

Specific rules for processing personal data by Berlin public authorities.

Requirements

  • Legal basis verification
  • Purpose limitation
  • Data minimization
  • Security measures
  • Documentation requirements

Examples

  • Processing records
  • Legal basis documentation
  • Security concepts
  • Purpose registers

Transparency Requirements

Enhanced transparency obligations for Berlin public bodies.

Requirements

  • Information provision
  • Processing documentation
  • Public registers
  • Access procedures
  • Regular updates

Examples

  • Privacy notices
  • Public registers
  • Access request procedures
  • Documentation systems

Data Security Measures

Specific security requirements for Berlin public authorities.

Requirements

  • Risk assessment
  • Technical measures
  • Organizational measures
  • Staff training
  • Regular audits

Examples

  • Security policies
  • Training programs
  • Audit procedures
  • Risk assessments

Compliance Requirements

Public Sector Requirements

Specific requirements for Berlin public authorities processing personal data.

Implementation Steps

  • Identify legal basis
  • Document processing activities
  • Implement safeguards
  • Train staff
  • Regular reviews

Required Documentation

  • Processing records
  • Legal basis documentation
  • Security measures
  • Training records
  • Review logs

Data Protection Officer

Requirements for appointing and maintaining a DPO in Berlin public bodies.

Implementation Steps

  • Assess DPO requirement
  • Appoint qualified DPO
  • Notify Berlin DPA
  • Ensure independence
  • Document activities

Required Documentation

  • DPO appointment letter
  • Qualification records
  • Notification records
  • Independence documentation
  • Activity logs

Special Processing Operations

Additional requirements for specific types of data processing by Berlin authorities.

Implementation Steps

  • Conduct prior consultation
  • Implement special safeguards
  • Document measures
  • Regular assessments
  • Monitor compliance

Required Documentation

  • Consultation records
  • Safeguard documentation
  • Assessment reports
  • Monitoring logs
  • Compliance records

Enforcement & Penalties

Administrative Penalties

The Berlin Commissioner for Data Protection and Freedom of Information can impose significant administrative fines.

Penalty Categories

Severe Violations
Up to €20M or 4% of global revenue
For violations of basic principles or data subject rights
Standard Violations
Up to €10M or 2% of global revenue
For violations of technical and organizational measures
Public Sector
Corrective Measures
Special enforcement regime for public authorities

Example Cases

Public Authority
Corrective Order
2023 - Required implementation of security measures
Private Company
€525,000
2022 - Insufficient technical and organizational measures

Additional Measures

The Berlin DPA can impose various corrective measures beyond monetary penalties.

Penalty Categories

Processing Bans
Temporary or Permanent
Prohibition of specific processing activities
Corrective Orders
Mandatory Changes
Orders to bring processing into compliance
Public Warnings
Publication
Public disclosure of violations

Example Cases

Digital Service Provider
Processing Ban
2023 - Ordered to cease illegal data collection
Municipal Office
Corrective Order
2023 - Required to implement privacy by design