04.07.2017 | KPMG Law Insights

There is no turning back. The new GDPR applies. – New data protection law approved by cabinet

New data protection law approved by cabinet

On February 1, 2017, the German Federal Cabinet approved a new draft law for the adaptation and restructuring of German data protection law. The “Data Protection Adaptation and Implementation Act” (DSAnpUG-EU) is necessary to adapt German data protection regulations to the European Data Protection Directive for Police and Justice and to the requirements of the new EU General Data Protection Regulation (EU GDPR). The EU GDPR aims to create a unified data protection law and thus largely the same standards for handling personal data within the EU. Nevertheless, it opens up scope for national regulations in the member states with a large number of opening clauses.

What does the new law regulate?

The DSAnpUG-EU represents a comprehensive reform and restructuring of German data protection law. The focus of the redesign is the comprehensive revision of the current Federal Data Protection Act (BDSG), which is intended to supplement and concretize the EU GDPR that will apply in Germany from May 2018. The 85-paragraph law presented in the draft is much more comprehensive than the previous BDSG. The underlying regulation is directly applicable as a European regulation. However, it is supplemented by the new BDSG. As a result, companies will have to comply with both sets of rules in the future. In addition, there are sector-specific regulations in specialized laws, which must also be within the framework of the EU GDPR regulations that have priority.

Criticism from experts and data protection authorities

The draft of the DSAnpUG-EU adopted by the Federal Cabinet is – like the previous drafts – in part considered to be contrary to European law and misguided. Many opening clauses are repeated in the draft of the new BDSG, which lacks the necessary concretizing regulation. In addition, the room for maneuver granted to the member states is being overstretched in some cases, so that regulations are being created that are not covered by the opening clauses of the EU GDPR. For example, the German supervisory authorities criticize that the rights of data subjects in particular would be unduly restricted. Overall, this would jeopardize the intended harmonization of data protection law in the EU and unlawfully lower the level of data protection provided for by the EU GDPR. Due to the many exceptions and references in the draft of the DSAnpUG-EU, an opaque thicket had been created especially for companies subject to German law. This would make the application of the new data protection law considerably more difficult and thus counteract the EU’s efforts to standardize and simplify data protection law for companies throughout Europe.

Finally, the draft in its current form leaves open the extent to which additional regulations are necessary with regard to the numerous sector-specific data protection provisions in Germany. Accordingly, there is a risk of an inconsistent data protection structure in Germany with partly contradictory regulations. The legal practitioners are simply overwhelmed with this situation and considerable legal uncertainty is created by the draft law.


It remains to be seen in what concrete form the draft will actually be promulgated as law after the vote in the Bundestag and Bundesrat and whether the points of criticism raised will be taken into account. In any case, companies are advised to keep a close eye on the legislative process and deal with the largest data protection reform in Europe now, otherwise they will face severe fines of up to EUR 20 million or 4% of the previous year’s global turnover as of May 25, 2018. On March 10, the Federal Council is expected to discuss the new law.

Services of KPMG Law

Our team of highly specialized attorneys advises international and national corporations, small and medium-sized enterprises, public corporations, as well as financial investors and start-ups comprehensively in the area of information management (data protection and IT security), especially in the identification, analysis and evaluation of existing legal documentation and internal processes for handling personal data (“Privacy Impairment Check”) as well as their optimization.

In addition, we provide creative advice on the introduction of information and data management in compliance with data protection requirements, as well as on the development and market launch of products (“Privacy by Design”).

Of course, we also advise you on an ad hoc basis in internal or external investigation proceedings, e.g. following a “data loss incident” in the event of a crisis, and represent you in all official or court proceedings (legal representation). Feel free to contact us at any time about our consulting services!

Explore #more

14.11.2023 | Press releases

Tax and Law at a glance – New issue of the digital magazine “Talk

“Talk” stands for Tax and Law Compass, because that’s what the digital magazine wants to be: a navigation aid to the legal and tax aspects…

10.11.2023 | Deal Notifications

KPMG Law and KPMG AG Wirtschaftsprüfungsgesellschaft advise Ziemann Holvrieka on the acquisition of Künzel Maschinenbau

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) and KPMG AG Wirtschaftsprüfungsgesellschaft (KPMG) advised Ziemann Holvrieka GmbH from Ludwigsburg on the acquisition of the majority of shares…

09.11.2023 | KPMG Law Insights

Mantelverordnung: New rules for mineral substitute building materials

On 01.08.2023, a number of laws came into force or were amended with the framework ordinance on the recycling of mineral waste: the ordinances…

08.11.2023 | Deal Notifications

KPMG Law advises Wide Open Agriculture on the acquisition of assets of Prolupin GmbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) advised Wide Open Agriculture Limited (WOA) on the agreement to acquire the assets of Prolupin GmbH. The agreement provides…

08.11.2023 | Deal Notifications, Press releases

KPMG Law advises Wide Open Agriculture on the purchase of assets of Prolupin GmbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) has advised Wide Open Agriculture Limited (WOA) on the agreement to acquire assets of Prolupin GmbH. The agreement provides…

07.11.2023 | KPMG Law Insights, KPMG Law Insights

GWB amendment: These interventions threaten after sector inquiries

On April 5, 2023, the German government passed the 11th amendment to the Act against Restraints of Competition (GWB), the so-called Competition Enforcement Act.…

01.11.2023 |

Guest article in the “Versicherungswirtschaft” on autonomous driving

Autonomous cars are supposed to be the future. For the insurance industry, the development is accompanied by new risks, but also promising market prospects. In…

01.11.2023 | KPMG Law Insights

The MoPeG is coming – Here’s how GbRs with real estate should act now

On January 1, 2024, the German Act on the Modernization of Partnership Law (MoPeG) will come into force. Then the civil law partnership (GbR) has…

31.10.2023 |

Philipp Glock on the use of generative AI in the current issue of Juve Rechtsmarkt

ChatGPT has ushered in a new information age. The same applies to law firms: If you want to keep up, you have to stay on…

25.10.2023 | KPMG Law Insights

Podcast series “KPMG Law on air”: Company pension schemes in times of inflation

In times of inflation, both employers and beneficiaries worry about how the devaluation of money will affect company pension plans (bAV). Pension commitments are generally…

© 2023 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.