Service content
Description of the
All Bavarian authorities and other Bavarian public bodies (e.g. municipalities, district offices, governments, district hospitals) that process personal data must appoint an official data protection officer. It is possible for several public bodies to appoint a joint data protection officer, who does not have to be an employee of the responsible bodies and can also be represented and supported by other persons. The contact details of the data protection officer must be published in an easily accessible manner; the name of the data protection officer does not have to be included in the publication.
The Data Protection Officer has the following statutory duties:
- Information and advice
The Data Protection Officer provides information and advice to the controller and to staff involved in processing regarding their obligations under data protection law; he or she is involved in all matters relating to the protection of personal data - Monitoring
The Data Protection Officer monitors compliance with data protection regulations and the data protection policies of the data controller - Advice on data protection impact assessments
The data protection officer advises the controller, upon request, on matters relating to a data protection impact assessment and monitors its implementation - Cooperation with the supervisory authority
The Data Protection Officer cooperates with the data protection supervisory authority and acts as its point of contact for matters relating to data protection law - Support for data subjects
Data subjects may consult the Data Protection Officer on any matters relating to the processing of their data and the exercise of their rights under the General Data Protection Regulation - Consultation prior to the use of automated processes
Before an automated process used to process personal data is put into use or undergoes a significant change, the Data Protection Officer must be given the opportunity to comment - Statement on planned video surveillance
Public bodies must inform the Data Protection Officer in good time before implementing video surveillance and give him the opportunity to comment
Transfer of further tasks
The following tasks of the controller under the GDPR are eligible for transfer to the data protection officer:
- Implementing the reporting of data breaches to the supervisory authority
- Coordination in the implementation of the rights of data subjects in accordance with Art. 12 et seq. of the GDPR.
- Information and advice
Legal basis
Further links