Federal Commissioner for Data Protection and Freedom of Information (BfDI): Who is responsible for data protection outside of companies?

Last updated:
02.03.2026
Data protection officers aren't just found in private companies. At the state and federal level, there are also federal and state data protection commissioners. Find out why your data protection officer should be familiar with these authorities.
Federal Commissioner for Data Protection and Freedom of Information (BfDI): Who is responsible for data protection outside of companies?
Key Takeaways
  • The Federal Commissioner for Data Protection and Freedom of Information (BfDI) is a data protection authority that monitors and advises other federal agencies.
  • The BfDI conducts security audits that may also affect private companies if they work with security-relevant federal agencies.  
  • Most companies fall under the jurisdiction of the state data protection commissioners.
  • The company data protection officer is the official point of contact between the company and the supervisory authority.
  • Statements from the BfDI provide early insight into which data protection topics are likely to become politically and legally relevant.

Federal Commissioner for Data Protection: Who or what is behind it?

The official title for the Federal Data Protection Commissioner is the "Federal Commissioner for Data Protection and Freedom of Information (BfDI)." Strictly speaking, this is not a single person, but a federal authority. More precisely, the supreme federal authority for data protection.  

However, the associated office and the leadership of the authority are held by a natural person. Currently (as of 2026), Prof. Dr. Louisa Specht-Riemenschneider holds the office. As one of the few federal authorities, the agency and its leadership are based not in Berlin, but in Bonn.

Who appoints the Federal Data Protection Commissioner?

Federal Data Protection Commissioners are proposed by the Federal Government and elected by the Bundestag. A Federal Data Protection Commissioner may be elected to the office for a total of two five-year terms.  

What are the duties of the Federal Data Protection Commissioner?

As Federal Data Protection Commissioner, the respective officeholder is responsible for the monitoring and advising of federal authorities, other federal public bodies, as well as telecommunications and postal service providers regarding data protection and freedom of information .  

Furthermore, they conduct security clearances in accordance with the Federal Security Clearance Act (SÜG), which can also affect private companies . This is the case, for example, when private companies take on contracts for the federal government.

While a Federal Commissioner for Data Protection is formally the highest authority on data protection matters, the oversight of data protection in the private sector is generally the responsibility of the respective state data protection commissioner.

How do the Federal Commissioner and the state data protection commissioners work together?

Data protection oversight in Germany is organized on a federal basis: the federal and state governments each have their own supervisory authorities, which cover different areas of jurisdiction. This distribution of responsibilities follows the administrative structure established in the Basic Law.

In the field of data protection, this means that the respective state data protection commissioner, in addition to monitoring the private sector , also monitors and advises the respective state authorities on data protection law. The Federal Commissioner for Data Protection, the state data protection commissioners, and the Bavarian State Office for Data Protection Supervision meet regularly at the Conference of the Independent Data Protection Authorities of the Federation and the States . This body addresses current developments in data protection and issues statements on them.

What role do data protection officers play in federal data protection?

The role of the company data protection officer within this network of various data protection officials can be clearly defined: they ensure compliance with data protection within the company and, in this capacity, are also Contact details for the supervisory state data protection authority.

Why companies should know about federal and state data protection commissioners

Although private companies have little day-to-day interaction with the Federal Commissioner for Data Protection, it is important to be aware of this office and its function. The office contributes to shaping public opinion on data protection and influences political decision-makers.  

You can therefore use the activities of the Federal Commissioner for Data Protection to clearly identifywhere the current focal points in data protection lie. For example, the current Federal Commissioner for Data Protection has previously commented on NIS2 implementation and AI topics .

Proactively engaging with data protection pays off for companies. This is because data protection and its proactive implementation within companies are increasingly becoming a key competitive factor: Both customers and business partners value exemplary data protection measures in companies.  

Keeping an eye on what the Federal Commissioner for Data Protection has to say about data protection issues in the public sphere helps you develop a better sense for data protection and identify trends early on. You don't need a federal commissioner for this, but rather an efficient data protection officer: Proliance provides you with certified external data protection officers to support you with all GDPR requirements. Effortless, legally compliant, and with expert advice from a single source.

Frequently Asked Questions

Still have questions? We have the answers.

What is a Federal Data Protection Commissioner and what are their tasks?

The Federal Commissioner for Data Protection and Freedom of Information (BfDI) is the supreme federal authority for data protection. He monitors and advises federal authorities, federal public bodies, and telecommunications and postal service companies. The BfDI also conducts security audits that may affect private companies. Internal or external experts, such as Proliance's certified data protection officers, handle operational data protection and GDPR compliance within companies.

What is the difference between the Federal Data Protection Commissioner and the State Data Protection Commissioner?

The BfDI monitors federal authorities and federal-level entities. State Data Protection Commissioners oversee the private sector and state authorities. Data protection oversight is organized federally: Most companies fall under the jurisdiction of the State Data Protection Commissioners. Company Data Protection Officers serve as official liaisons between businesses and state authorities. Proliance offers external DPOs as a professional link to the supervisory authority.

Why should companies know the Federal Data Protection Commissioner?

The BfDI shapes the discourse on data protection and, through its statements, identifies data protection trends early on. This allows companies to identify critical areas and react proactively. An efficient in-house DPO monitors relevant developments. Proliance provides external Data Protection Officers who offer legally sound and proactive advice, allowing your employees to continue focusing on their core tasks.

Do you have further questions on this topic? Our experts will be happy to advise you free of charge.

If you're looking for a partner to support you on your journey to data protection and information security, feel free to contact our team of experienced experts.
60+ Expertinnen und Experten
Book a consultation
Topics
Editorial
Sabrina Schaub
Freelance Editor
Leveraging her content expertise, Sabrina supports the Proliance team in communicating complex topics clearly. As a freelance writer, she understands the data privacy requirements across different sectors and translates even complex information into content tailored to specific target audiences.
Zum Autorenprofil
Zum Expertenprofil
About Proliance
Proliance stands for Professional Compliance for businesses. We are a digitally driven Legal Tech company based in Munich, established in 2017 and now with over 90 privacy enthusiasts. Our more than 2,500 clients include start-ups, medium-sized businesses, and corporate groups from almost all industries.
About us
Latest Articles

Topics you might be interested in