Data protection; information, advice and monitoring in public bodies

All Bavarian authorities and other Bavarian public bodies (e.g. municipalities, district offices, governments, district hospitals) that process personal data must appoint an official data protection officer. It is possible for several public bodies to appoint a joint data protection officer, who does not have to be an employee of the responsible bodies and can also be represented and supported by other persons. The contact details of the data protection officer must be published in an easily accessible manner; the name of the data protection officer does not have to be included in the publication.

The data protection officer has the following statutory duties:

• Information and advice
  The data protection officer informs and advises the controller and the employees who carry out processing operations with regard to their obligations under data protection law and is involved in all matters relating to the protection of personal data
• Monitoring
  The data protection officer monitors compliance with the data protection regulations and strategies of the controller for the protection of personal data
• Advice on data protection impact assessments
  The data protection officer advises the controller on request in connection with a data protection impact assessment and monitors its implementation
• Cooperation with the supervisory authority
  The Data Protection Officer cooperates with the data protection supervisory authority and is its point of contact for data protection issues
• Support for data subjects
  Data subjects can consult the data protection officer on all matters relating to the processing of their data and the exercise of their rights under the General Data Protection Regulation
• Opinion prior to the use of automated procedures
  The data protection officer must be given the opportunity to comment prior to the use of or a significant change to an automated procedure with which personal data is processed
• Statement on planned video surveillance
  Public bodies must inform the data protection officer in good time before using video surveillance and give him the opportunity to comment

Transfer of further tasks

The following tasks of the controller under the GDPR are eligible for transfer to the data protection officer:

• Implementing the reporting of data breaches to the supervisory authority
• Coordination in the implementation of the rights of data subjects pursuant to Art. 12 et seq. of the GDPR.

• Bavarian Data Protection Act (BayDSG)
• General Data Protection Regulation (GDPR)
• Art. 37-39 General Data Protection Regulation (GDPR)
• Federal Data Protection Act (BDSG)

• The Bavarian State Commissioner for Data Protection

• Representative of the municipality; appointment or election