Germany

1. GDPR
According to Articles 51 (1), 52 (1), 54 (1) lit. a GDPR each member state shall provide one or more independent public supervisory. According to section 40 German Federal Data Protection Act (BDSG) the federal state authorities shall supervise data protection in the not public sector, therefore, private business. Germany has 16 federal states: identification, addresses etc. can be found at https://www.was-ist-datenschutz.de/fuer-betroffene/aufsichtsbehoerden-da.... Which supervisory authority is locally in charge depends from the place of business of the person or legal entity who´s activity is subject to the applicability of GDPR.
The tasks, competences and administrative fines and penalties of the supervisory authorities are substantial so that it necessary to directly refer to Articles 57, 58, 61, 62, 83, 84 GDPR itself. The legal risks of data protection violations are extensive.
The data subject has direct claims against the data controller based on Article 82 GDPR including a claim for damages.
2. German Federal Data Protection Act (BDSG), in force since May 25, 2017
According to section 40 BDSG the federal state authorities shall supervise data protection in the not public sector, therefore private business, also as far as data protection is governed by BDSG e.g. data protection in labor law, section 26 BDSG. Germany has 16 federal states: identification, addresses etc. can be found at https://www.was-ist-datenschutz.de/fuer-betroffene/aufsichtsbehoerden-da.... Which supervisory authority is charge depends from the place of business of the person or legal entity who´s activity is subject to the applicability of BDSG.
The tasks and competences of the supervisory authorities are subject of the sections in BDSG themselves. Administrative fees and penalties are regulated by sections 41, 42, 43 BDSG.
The data subject may have direct claims against the data controller based on section 83 BDSG including a claim for damages.
3. TMG
According to section 40 BDSG the federal state authorities shall supervise data protection in the not public sector, therefore private business, also as far as data protection is governed by TMG e.g. data protection in e-commerce, sections 11 to 15 lit.a TMG. Germany has 16 federal states: identification, addresses etc. can be found at https://www.was-ist-datenschutz.de/fuer-betroffene/aufsichtsbehoerden-da.... Which supervisory authority is locally in charge depends from the place of business of the person or legal entity who´s activity is subject to the applicability of TMG.
Administrative fees are regulated in section 16 TMG and administrative fees are up to 50,000 €. It is in question if it is lex specialies to GDPR or GDPR applies complementary.
4. TKG
Section 109 lit. a TKG requires that the providor has to inform in case of a data breach the Federal Network Agency (German Bundesnetzagentur) and the Federal Data Protection Commissioner.
Bundesnetzagentur für Elektrizität, Gas, Telekommunikation, Post und Eisenbahnen
Tulpenfeld 4
53113 Bonn
Telefon: 0228 14-0
Fax: 0228 14-8872
info@bnetza.de

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstr. 30
53117 Bonn
Telefon: +49 (0)228 997799-0
Fax: +49 (0)228 997799-5550
Tasks and competences are enlisted in sections 116, 126 to 131 TKG. Administrative fees and penalties are regulated by sections 148, 149 TKG.