Germany’s church data overhaul quietly bans the fax machine

If there is one place in Germany you would expect a fax machine to keep humming away forever, it is a Catholic parish office. The reformed Gesetz über den Kirchlichen Datenschutz (KDG), Germany’s church data protection law, has other ideas. According to ad-hoc-news.de, the rewritten law took effect on 1 March 2026 and adds fax to a short, blunt list of channels parishes can no longer use to send personal data.

The bit about fax

The KDG governs how Germany’s Catholic dioceses handle personal data. It runs in parallel to the country’s secular data rules, with its own data-protection commissioners and its own penalties. The reform tightens almost everything at once, and tucked inside the package is the line that caught our eye: "fax machines can no longer be used to transmit personal data."

That is a small sentence with a big radius. Parish registers, baptism records, donor lists, Caritas casework, marriage paperwork – all of it has historically moved between dioceses, registry offices, and care homes by fax. The new rule does not just discourage that. It closes the channel.

What else the KDG changed

The fax ban arrives as part of a broader compliance overhaul. The same reform now requires:

  • multi-factor authentication on sensitive databases
  • a ban on staff and volunteers using private laptops, phones, or storage devices for official work
  • a lower bar for appointing a data protection officer, now any organisation with at least 20 employees

Volunteers get their own clause. Anyone in a Catholic parish who handles personal data now has to sign a written confidentiality pledge under § 5 Abs. 2 KDG. That includes the catechist with a class roster, the choir director with a contact sheet, and the Pfarrgemeinderat member with meeting notes.

The penalties are set high enough to make the rules stick. Violations can cost up to €1 million or four percent of worldwide annual turnover, whichever is higher, capped at €3 million. The "worldwide turnover" framing reads oddly for a parish. It is borrowed almost word for word from GDPR, the EU’s general data protection law, and signals that the rules are meant to bite at the diocese level too.

Why it matters

What is striking is the order things are happening in. Germany’s federal ministries still run roughly 1,400 fax machines. The Bundestag has only recently committed to retire its own. And yet it is the Catholic church, one of the institutions you would most expect to anchor Germany’s long-running attachment to the fax line, that has now written the parish fax out of its own rulebook first.

The KDG does not, of course, ban people from owning a fax machine. It removes it from the list of approved channels for personal data, which in a parish office is most of what gets sent. For a volunteer who suddenly needs to move a one-off document to a diocese without setting up new systems, one alternative is something like a send fax from computer service that produces a clean transmission record.