Introduction
As organizations reopen, optimize space, or automate building systems, occupancy sensors are a common tool in 2026. In Germany their deployment requires careful attention to the EU General Data Protection Regulation (GDPR) and the national BDSG (Bundesdatenschutzgesetz). This guide helps facility managers, IT buyers, and legal teams choose occupancy sensors that respect privacy while delivering reliable spatial intelligence.
Key terms (brief)
- GDPR: EU data protection law that governs processing of personal data.
- Occupancy sensor: any device that detects presence, movement, or count of people for building use.
- Thermal sensor: detects infrared heat signatures rather than optical images.
- Personal data: information relating to an identified or identifiable person.
- Anonymization: processing that irreversibly prevents identification of individuals.
- Pseudonymization: replacing identifiers so a person cannot be identified without additional information.
Why GDPR matters for occupancy sensing in Germany
GDPR applies whenever a device collects data that can identify a person, directly or indirectly. German data protection authorities take a strict view on surveillance and monitoring in workplaces and public spaces.
- Lawful basis is required for processing (e.g., consent or legitimate interests); in workplaces consent may be unreliable due to power imbalances.
- Data Protection Impact Assessments (DPIAs) are often mandatory for systematic monitoring of public areas or large-scale processing.
- Employers must respect employee rights (access, rectification, deletion) and ensure transparency.
- Local state authorities (Landesdatenschutzbehörden) enforce compliance and can issue fines or remediation orders.
Privacy principles that must guide your purchase
Choose sensors and vendors that enable compliance with core GDPR principles and support your organisation9s accountability obligations.
- Data minimization: collect only what you need (counts vs identities).
- Purpose limitation: define and limit uses (HVAC optimization, space planning).
- Storage limitation: short retention of raw data; retain aggregates only.
- Integrity and confidentiality: strong encryption, access controls.
- Transparency: clear notices and documentation for data subjects.
- Accountability: vendor must support audits, DPIAs, and contractual safeguards.