German Federal Data Protection Act

What is the German BDSG?


The German Federal Data Protection Act (BDSG) is the German federal legislation safeguarding individuals’ data privacy within Germany. It operates alongside the General Data Protection Regulation (GDPR) to provide additional regulations specific to the German context.

The GDPR requirements and rights are mimicked in the BDSG.

Data subjects have the right to access, object to processing, restrict processing, delete their data, correct the data, data portability, not to be part of automated decision-making, and others.

Organizations and individuals processing the data must adhere to the following:

  • Obtain consent for the processing if there are no other legal bases available
  • Process only the minimum amount of data and only for the specified purposes
  • Provide users with a privacy notice
  • Conduct Data Protection Impact Assessments where the processing can be risky
  • Ensure that the data is safeguarded from unauthorized access
  • Honor data subject requests and other duties.

MergeBase and the BDSG


We strive to meet the requirements of any data protection and data security law worldwide, no matter whether it applies to us or not. In this case, the BDSG does not apply to us as MergeBase is a Canadian company. We do not process data on behalf of our customers and only occasionally may process the personal name and email address of a German client.

The BDSG applies to the processing of data by German companies or to the processing of the data of German residents, which means that it could eventually apply only when we have German customers. In such a case, we are fully compliant with the law.


How Can MergeBase Help You Comply with the BDSG of Germany?


Our products and services can be a great addition to your data security program.

MergeBase offers continuous monitoring, enabling organizations to proactively detect and swiftly address potential security threats.

Regarding vulnerability management, MergeBase takes a proactive stance, locating and ranking vulnerabilities in open-source components of various applications and systems.

We also enhance patch management processes. By facilitating the rapid application of patches to identified vulnerabilities, the window during which personal data is at risk is substantially reduced, reinforcing the protective measures required under the BDSG.

Furthermore, the detailed vulnerability reports generated by MergeBase serve as a valuable resource. They detail the vulnerabilities found within applications and support organizations in compiling data access reports, showcasing their commitment to safeguarding information as per BDSG guidelines.

In case of personal data breaches, MergeBase offers crucial support in identifying the compromised data and the extent of the breach. This assistance is instrumental in ensuring prompt notification and corrective actions in accordance with the response protocols outlined by the BDSG.