The new Data Protection Act (nDSG), which comes into force on 1 September 2023, brings with it a number of new and amended legal provisions. Legal texts, however, are not necessarily known for being easy to understand. Since ignorance is no excuse, HÄRTING has formulated the following ten commandments on the new Data Protection Act (nDSG) in terms everyone can understand, which we also make available to you free of charge in our shop.



  1. Commandment: The company’s managers are aware of the consequences of breaching the protection of personal data (including personal criminal liability). The roles and responsibilities within the company or the group with regard to the protection of information are clearly defined and trained.
  2. Commandment: A register of processing activities with the categories of personal data processed and data subjects as well as the other information required by law is available and regularly updated.
  3. Commandment: The data protection information in the privacy policy, the cookie policy and the other information requirements in contracts with customers, employees and suppliers meet the legal requirements and are in line with the processes used in the company.
  4. Commandment: The legal basis for the processing carried out, including data transfers, has been identified, verified and documented.
  5. Commandment: Transfers of personal data to other countries comply with the relevant legal requirements and any necessary data protection impact assessments, including any transfer risk assessments, are in place.
  6. Commandment: Where consent is used as a legal basis, the way it is obtained and managed complies with the relevant requirements and transparent information is provided.
  7. Commandment: If personal data of vulnerable persons (such as minors or other persons incapable of judgement) are processed, the consent of a legal representative must be available.
  8. Commandment: There is a process for identifying, reporting, documenting and managing security incidents, which is tested regularly.
  9. Commandment: The individual rights of data subjects are not violated and can be easily exercised or reported.
  10. Commandment: The procedures for the protection of personal data are understood and applied from the conception phase onwards and as standard by all actors concerned.