What the GDPR Check evaluates
Public authorities are subject to BDSG Part 2 and the applicable state data protection act. The check evaluates your administrative processes with the correct terminology (citizens, applicants, staff) and avoids inappropriate fine warnings (§ 43(3) BDSG excludes GDPR fines for public bodies).
Legal foundations
GDPR Art. 6; BDSG § 1(1) No. 2 (scope for public bodies); BDSG Part 2; applicable state data protection act; § 5 BDSG (mandatory DPO); for municipalities § 28(4) BSIG. Placeholder — Phase 46 provides the target-group-specific ContentBlock.
How the check works
1. Choose your authority type (federal, state, municipality, public enterprise, public-law institution, corporation) 2. For state/municipal authorities: additionally select the federal state 3. Answer twelve questions using administrative terminology 4. Receive an assessment without warnings about EUR 20M+ fines
Your benefits
• Free and without registration • § 43(3) BDSG respected — no fine warnings for public authorities • Automatic reference to the applicable state act (16 state acts in Germany) • Administrative terminology rather than corporate vocabulary
Frequently asked questions
- Do GDPR fines apply to public authorities?
- No. § 43(3) BDSG excludes GDPR fines against public bodies in Germany. Instead, warnings and orders under Art. 58(2) GDPR apply.
- When does my authority need a DPO?
- Art. 37(1)(a) GDPR and § 5 BDSG establish a mandatory DPO appointment for public bodies — regardless of staff size. The § 38 BDSG 20-staff threshold applies only to private-sector organizations.
- Which state act applies to my authority?
- Federal authorities follow BDSG exclusively. State and municipal authorities also follow the state data protection act of their respective federal state (16 state acts in total). The check asks for the federal state and references the applicable act automatically.
This initial assessment is not legal advice and does not replace consultation with a qualified lawyer. Legal status: April 2026.