Handling security breaches from a German law perspective

The ever-increasing number of data security breaches coupled with the understandable reluctance of organisations to inform authorities and affected individuals of breaches, caused the German legislator to implement a legal data security breach reporting obligation in 2009. At the same time, regulators were given powers to fine organisations for failure to notify or for improper notification. These measures have made it easier for both regulators and data subjects affected by security breaches to minimise damage caused by security breaches. Perhaps more importantly, many organisations have enhanced their data security as a result. 

There is no general requirement to report data breaches under German law. The legal obligation is attached to specific types of personal data and differs depending on the applicable law. In particular, there are three different regulations under German law that relate to breach reporting obligations. This means whether a notification has to be made will depend on the type of personal data affected and the nature of the data controller.

Essentially, only breaches involving personal data considered as sensitive have to be notified. This includes information concerning racial or ethnic origin, political opinions, religious beliefs, health, criminal or administrative offences, bank accounts or credit cards as well as inventory and usage data of telecommunications or internet providers, such as name, address, phone number, password and information on time and scope of the services used…

If you are registered and logged in to the site, click on the link below to read the rest of the Taylor Wessing briefing. If not, please register or sign in with your details below.

Sign in or Register to continue reading this article

Sign in


It's quick, easy and free!

It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.

Register now

Why register to The Lawyer


Industry insight

In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.


Market intelligence

Identify the major players and business opportunities within a particular region through our series of free, special reports.


Email newsletters

Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.

More relevant to you

To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.

Briefings from Taylor Wessing

View more briefings from Taylor Wessing

Analysis from The Lawyer

  • merger deal

    Corporate crunch time: who will triumph at The Lawyer Awards 2014?

    As the equity capital markets rocketed back into favour and global M&A saw at least a partial return to form, there have been some rich pickings for The Lawyer’s Corporate Team of the Year award shortlisted firms in 2014. 

  • singapore orchid

    Singapore: Cash course

    The city-state is working hard to become a global wealth management hub, and law firms are gearing up for a prosperous new world

View more analysis from The Lawyer


5 New Street Square

Turnover (£m): 241.20
No. of lawyers: 860 (UK 200)
Jurisdiction: UK
No. of offices: 6
No. of qualified lawyers: 73 (International 50)
No. of partners: 29