LfD Bavaria Data Protection

Cybersecurity Checklist and Handbook for Data Protection

BayLDA has published the Cyberfestung Bayern programme, comprising a 10-point cybersecurity checklist and a compact handbook on Defence in Depth (Tiefenverteidigung), both freely downloadable as PDFs from the authority's website. The materials catalogue common attack vectors — compromised email accounts, spear-phishing, and ransomware/extortion — encountered in daily incident reports from Bavarian companies. BayLDA frames the resources as an expansion of its existing prevention programme, aimed at raising the barrier for attackers through layered technical and organisational measures.

GDPR Privacy Checklist for Solo Retail Businesses

LfD Bavaria (BayLDA) published a practical GDPR compliance checklist tailored for solo self-employed individuals and micro-businesses in the retail sector. The checklist covers 15 operational areas including processing activity records, legal bases, video surveillance, webshop compliance, email security, cloud office products, data subject rights, website tracking, email marketing, and AI usage. An annex provides template processing activity records and technical-organisational measures. The guidance confirms that solo retailers with nine or fewer employees typically fall below the mandatory DPO appointment threshold under both GDPR and BDSG.

State Data Protection Authorities Propose Alternative Reforms to Centralization

German state data protection authorities issued a joint press release on March 26, 2025, proposing three alternative reforms to coalition plans for centralizing data protection supervision. The authorities argue that centralization would harm regional economies and that their existing decentralized structure particularly benefits small and medium-sized enterprises, which comprise 99.2 percent of German companies. The proposals include establishing one contact authority for cross-state matters, extending the 'one-for-all' principle to data protection authorities, and institutionalizing the Data Protection Conference (DSK) with a joint decision-making body.