The PTD, which is to be implemented into national law from June 2026, aims to reduce the gender pay gap by making gender-linked wage differences more visible. While this should lead to greater fairness, it is still necessary to ensure compliance with existing data protection rules and measures.
One requirement of the PTD is the obligation for employers to disclose salary information. However, this obligation of transparency conflicts with data protection law, which ensures the protection of personal data and privacy. The PTD explicitly emphasises that any data processing that is required under its framework must comply with the requirements of the GDPR.
Salary data of individual employees is not classed as being “special categories of personal data” within the meaning of the GDPR. Nevertheless, its disclosure is likely to violate the privacy of those affected. Salary information is therefore still considered to be particularly in need of protection.
The aim of the GDPR is to protect personal data. It establishes the principle of data minimisation, according to which only as much personal data as is absolutely necessary may be processed. Further, the data collected may only be used for the purpose of pay transparency under the GDPR’s purpose limitation principle. This is also expressly confirmed in the PTD itself under Article 12(2). Finally, the protection of privacy is enshrined at the constitutional level in Germany.
The PTD explicitly refers to compliance with the GDPR and grants Member States leeway to restrict access to sensitive data. For example, it can be stipulated that specific salary information of individual employees may only be disclosed to specific recipients, such as employee representatives, supervisory authorities, or equality bodies.
In any case, if the salary data allows conclusions to be drawn about individual persons, there must be a legal basis for its disclosure. Usually this is the ‘fulfilment of a legal obligation’ basis, which follows from the requirements of the relevant national law that transposes the PTD.
Even if a legal basis for data processing exists, a balancing of interests must always be carried out: the information needs of individual employees or the general public must be balanced against the right to privacy of those affected. This balancing act is particularly delicate in small businesses because individuals can easily be identified behind established pay comparison groups.
Where there is a right to information about salaries, this inevitably conflicts with the protection of the privacy of the individuals concerned. Employers must therefore only disclose what is absolutely necessary.
The PTD grants works councils and other employee representative bodies extensive information and inspection rights, although the directive leaves the specific details of these rights open. In fact, works councils have more extensive rights under the PTD than they do under current national law. Under German legislation, only committees (a smaller group of works council members), or the works council’s chairperson (in the case of smaller companies where there are no committees) are permitted to have access to employee payroll information. Even then, their access to this data is restricted to a right of ‘insight’; they do not have a right to receive the data.
Either way, the GDPR must also be observed when “cooperating with employee representatives,” as the PTD states. Employers should ensure that representative bodies only receive data that is absolutely necessary for them to perform their duties. This avoids unnecessary disclosures of personal data without jeopardising the actual purpose of pay transparency.
Once the directive is transposed, employers will need to comply with the obligation to disclose salary information in accordance with the PTD, whether by providing information to the requesting employee or at least to the relevant employee representatives. To resolve the above tension in a data protection-compliant manner, a structured approach is recommended:
The PTD requires sensitive handling of personal data. Employers must fulfil transparency obligations, but must not violate data protection regulations.
Balancing the interests of disclosure obligations and privacy protection remains a challenge. A data protection-friendly implementation of the PTD therefore requires a precise approach, clear internal regulations, and careful consideration of each individual case. Legally compliant implementation is successful if all relevant aspects—from group anonymisation and strict purpose limitation to internal access regulations—are carefully reviewed and documented in advance.