7 March 2023
Information Security Considerations (Germany)
A Practice Note describing the laws, regulations, enforcement practices, and local resources to consider when developing, implementing, and maintaining an information security program in Germany or as applied to data originating from Germany. It discusses the Federal Data Protection Act (BDSG) and critical infrastructure provider obligations under the IT Security Act and IT Security Act 2.0. It addresses related EU law, such as the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), the EU Directive on the Security of Network and Information Systems (Directive 2016/1148/EC) (NIS Directive), and Germany's implementing laws. It also discusses Federal Office for Information Security (BSI) regulations, standards, and resources. Finally, the Practice Note also addresses the requirements in light of recent legislative developments such as the NIS 2 Directive (Directive (EU) 2022/2555) and the DORA Regulation (Regulation (EU) 2022/2554). The Germany-specific guidance in this Note may be used with the generally applicable resources listed in the Global Information Security Toolkit.
Download the entire article (pdf)
Reproduced from Thomson Reuters Practical Law with the permission of the publishers. For further information, visit the Global Home page at uk.practicallaw.thomsonreuters.com
Related Insights
NIS 2 Implementation and Cybersecurity Strengthening Act: Germany tightens IT security requirements
Paul Voigt and Alexander Schmalenberger look at Germany's progress on NIS2 implementation.
by Dr. Paul Voigt, Lic. en Derecho, CIPP/E and Alexander Schmalenberger, LL.B.
China: A practical insight into China SCCs and their impact on businesses
Michael Tan, Julian Sun, Paul Voigt and Wiebke Reuter look at what China's new SCCs mean for businesses looking to export personal data from China to the EU.
by multiple authors