Author
Paul Voigt

Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Partner

Read More
Author
Paul Voigt

Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Partner

Read More

7 March 2023

Information Security Considerations (Germany)

  • In-depth analysis

A Practice Note describing the laws, regulations, enforcement practices, and local resources to consider when developing, implementing, and maintaining an information security program in Germany or as applied to data originating from Germany. It discusses the Federal Data Protection Act (BDSG) and critical infrastructure provider obligations under the IT Security Act and IT Security Act 2.0. It addresses related EU law, such as the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), the EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (NIS Directive), and Germany's implementing laws. It also discusses Federal Office for Information Security (BSI) regulations, standards, and resources. Finally, the Practice Note also addresses the requirements in light of recent legislative developments such as the NIS 2 Directive (Directive (EU) 2022/2555) and the DORA Regulation (Regulation (EU) 2022/2554). The Germany-specific guidance in this Note may be used with the generally applicable resources listed in the Global Information Security Toolkit.

Download the entire article (pdf)

Reproduced from Thomson Reuters Practical Law with the permission of the publishers. For further information, visit the Global Home page at uk.practicallaw.thomsonreuters.com

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Colourful computer cable close-up
Data protection & cyber

Cyber Incident Response and Data Breach Notification (Germany)

8 March 2023
In-depth analysis

by Dr. Paul Voigt, Lic. en Derecho, CIPP/E

Click here to find out more
Technology, media & communications

The EU-U.S. Data Privacy Framework (DPF) is coming

21 December 2022
In-depth analysis

by multiple authors

Click here to find out more
Data centre server room
Data protection & cyber

The countdown has begun: By 26 December 2022, all old standard contractual clauses must be replaced by the new SCCs 2021

19 October 2022
In-depth analysis

by Dr. Paul Voigt, Lic. en Derecho, CIPP/E and Wiebke Reuter, LL.M. (London)

Click here to find out more