Our website is only using a technically necessary cookie to ensure the basic functionality of this website.


The data protection law valid before the General Data Protection Regulation (GDPR) included a system for notification. Data controllers reported the structure (not the actual content) of their data applications to the Data Processing Register (Datenverarbeitungsregister).

The General Data Protection Regulation abolishes this system and replaces it with the records of processing activities (Art. 30 GDPR) and data protection impact assessments (Art. 35 and 36 GDPR).

The obligation to notify expired with 25 May 2018. The Data Processing Register does not exist anymore.

The list of processing operations for which no data protection impact assessment is required (Art. 35 para. 5 GDPR) will take prior compliance through the notification system into account.