country: Germany
framework: GDPR
region: EU
language: de
version: 2024-06
status: published
last_updated: 2025-06-26
source_verified: true
authority: BfDI (Federal Commissioner for Data Protection and Freedom of Information)
notes:
  - Germany implements GDPR alongside the Bundesdatenschutzgesetz (BDSG).
  - This file reflects general GDPR coverage and BDSG-sensitive fields where applicable.
categories:
  - name: Full Name
    type: direct_identifier
    subtype: personal_name
    required_masking: true
    tags:
      - pii
    citations:
      - regulation: GDPR
        article: 4(1)
        description: Personal data includes any identifiable information
      - regulation: BDSG
        article: Section 26
        description: Employee data requires special protection
    category_tags:
      - core
      - identity
  - name: Email Address
    type: direct_identifier
    subtype: digital_contact
    required_masking: true
    tags:
      - pii
    citations:
      - regulation: GDPR
        article: 4(1)
    category_tags:
      - core
      - contact
    processing_purposes:
      allowed:
        - service_delivery
        - contract_fulfillment
        - communication
        - customer_support
        - authentication
        - marketing_with_consent
        - analytics_with_consent
      restricted:
        - profiling_without_consent
        - automated_decision_making
        - third_party_sharing
        - behavioral_advertising
        - cross_context_tracking
      prohibited:
        - sale_without_consent
        - discrimination
        - surveillance
        - unauthorized_disclosure
      legal_basis:
        - consent
        - contract
        - legitimate_interest
      consent_required: false
      opt_out_available: true
      notes: "GDPR Article 6 legal basis required. Marketing requires consent (opt-in). Service communications permitted under contract basis."
  - name: Phone Number
    type: direct_identifier
    subtype: telecom_contact
    required_masking: true
    tags:
      - pii
    citations:
      - regulation: GDPR
        article: 4(1)
    category_tags:
      - core
      - contact
  - name: IP Address
    type: indirect_identifier
    subtype: network_identifier
    required_masking: true
    tags:
      - tracking
    citations:
      - regulation: GDPR
        recital: '30'
        description: Online identifiers including IP addresses can identify users
    category_tags:
      - digital
      - behavioral
  - name: National ID Number (Personalausweisnummer)
    type: national_identifier
    subtype: government_id
    required_masking: true
    tags:
      - pii
      - national_id
      - government_id
    citations:
      - regulation: GDPR
        article: '87'
      - regulation: BDSG
        article: Section 20
    category_tags:
      - core
      - identity
  - name: Biometric Data (e.g., facial recognition, fingerprints)
    type: special_category
    subtype: biometric
    required_masking: true
    tags:
      - biometric
      - sensitive
    citations:
      - regulation: GDPR
        article: 9(1)
        url: https://gdpr-info.eu/art-9-gdpr/
        description: Processing of special categories requires explicit consent or legal basis
    category_tags:
      - core
      - biometric
      - sensitive
    risk_level: high
    breach_impact:
      - identity_theft
      - privacy_violation
      - discrimination
      - physical_harm
    gdpr_penalty_tier: high
    masking_techniques:
      - method: encryption
        algorithm: AES-256-GCM
        suitability: production
        reversible: true
        notes: Store encrypted templates only; never store raw biometric images
      - method: hash
        algorithm: SHA-3-256
        suitability: verification
        reversible: false
      - method: suppression
        suitability: analytics
        reversible: false
        notes: Remove entirely for non-essential analytics
    retention:
      legal_minimum: "As long as processing purpose exists"
      recommended: "Delete immediately after verification or authentication"
      maximum: "No longer than necessary (GDPR Article 5(1)(e))"
      basis: "GDPR Article 9 + Article 5(1)(e) storage limitation"
      deletion_trigger:
        - "consent_withdrawal"
        - "purpose_fulfilled"
        - "user_account_deletion"
      exceptions:
        - "legal obligation to retain (e.g., employment law)"
        - "vital interests of data subject"
      archival_allowed: false
      notes: "Biometric data requires explicit consent; must be deleted when no longer needed"
  - name: Health Data (diagnoses, medical history)
    type: special_category
    subtype: health
    required_masking: true
    risk_level: high
    breach_impact:
      - medical_fraud
      - discrimination
      - insurance_discrimination
      - privacy_violation
      - emotional_distress
    gdpr_penalty_tier: high
    masking_techniques:
      - method: pseudonymization
        algorithm: tokenization
        suitability: analytics
        reversible: true
        notes: Required for research under GDPR Article 89
      - method: generalization
        algorithm: k-anonymity (k>=5)
        suitability: research
        reversible: false
      - method: encryption
        algorithm: AES-256
        suitability: production
        reversible: true
    retention:
      legal_minimum: "10 years"
      recommended: "10 years after last treatment"
      maximum: "30 years"
      basis: "German Medical Association guidelines + GDPR Article 17"
      deletion_trigger:
        - "patient_death + 10 years"
        - "end_of_medical_relationship + 10 years"
      exceptions:
        - "ongoing medical treatment"
        - "legal claims or proceedings"
        - "public health requirements"
      archival_allowed: true
      notes: "Medical records retention varies by German state law; some require 30 years for surgical records"
    processing_purposes:
      allowed:
        - medical_treatment
        - health_monitoring
        - emergency_care
        - preventive_medicine
        - medical_diagnosis
        - healthcare_management
        - public_health
        - research_with_consent
        - legal_compliance
      restricted:
        - insurance_underwriting
        - employment_screening
        - third_party_sharing
        - ai_training
        - predictive_analytics
        - automated_decision_making
      prohibited:
        - sale_without_consent
        - discrimination
        - insurance_discrimination
        - employment_discrimination
        - unauthorized_disclosure
        - genetic_discrimination
      legal_basis:
        - explicit_consent
        - vital_interests
        - medical_treatment
        - public_health
        - scientific_research
      consent_required: true
      opt_out_available: false
      notes: "GDPR Article 9(2) permits processing for medical treatment, public health, and research with safeguards. Explicit consent required except for vital interests or medical necessity."
    tags:
      - phi
      - sensitive
    citations:
      - regulation: GDPR
        article: 9(1)
    category_tags:
      - core
      - health
      - sensitive
  - name: Sexual Orientation
    type: special_category
    subtype: personal_attributes
    required_masking: true
    tags:
      - sensitive
    citations:
      - regulation: GDPR
        article: 9(1)
    category_tags:
      - sensitive
  - name: Location Data (real-time GPS)
    type: behavioral
    subtype: geolocation
    required_masking: true
    tags:
      - tracking
    citations:
      - regulation: GDPR
        article: 4(1)
        description: Location data may contribute to identifiability
    category_tags:
      - digital
      - behavioral
  - name: Cookie Identifier / Device Fingerprint
    type: indirect_identifier
    subtype: device_id
    required_masking: true
    tags:
      - tracking
      - online_identifier
      - pii
    citations:
      - regulation: GDPR
        recital: '30'
    category_tags:
      - digital
      - tracking
  - name: Employment Data (salary, performance reviews)
    type: contextual_identifier
    subtype: hr_data
    required_masking: true
    tags:
      - pii
      - hr_data
      - compensation
    citations:
      - regulation: BDSG
        article: Section 26
        description: Personal data in employment context
    category_tags:
      - employment
      - sensitive
  - name: Financial Account Number (IBAN)
    type: financial_identifier
    subtype: bank_account
    required_masking: true
    tags:
      - pii
      - financial
      - bank_account
    citations:
      - regulation: GDPR
        article: 4(1)
    category_tags:
      - finance
      - sensitive
  - name: Insurance Number (Krankenversicherung)
    type: national_identifier
    subtype: insurance_id
    required_masking: true
    tags:
      - pii
      - insurance
      - health_id
    citations:
      - regulation: BDSG
        article: Section 22
    category_tags:
      - health
      - finance