Art. 9 (3) GDPR requires that the “sensitive data” must be “processed by or under the responsibility of a professional subject to the obligation of professional secrecy under Union or Member State law or rules established by national competent bodies or by another person also subject to an obligation of secrecy under Union or Member State law or rules established by national competent bodies”. Sec. 22 (1) no. 1 lit. b) FDPA essentially repeats Art. 9 (3) GDPR.(53)…
In Germany, secrecy obligations are regulated especially by the laws governing the…
