Part 1
Teil 2
Sub-chapter 1
- § 22Processing of special categories of personal data
- § 23Processing for other purposes by public bodies
- § 24Processing for other purposes by private bodies
- § 25Transfer of data by public bodies
- § 26Data processing for employment-related purposes
- § 27Data processing for purposes of scientific or historical research and for statistical purposes
- § 28Data processing for archiving purposes in the public interest
- § 29Rights of the data subject and powers of the supervisory authorities in the case of secrecy obligations
- § 30Consumer loans
- § 31Protection of commercial transactions in the case of scoring and credit reports
Sub-Chapter 2
- § 32Information to be provided where personal data are collected from the data subject
- § 33Information to be provided where personal data have not been obtained from the data subject
- § 34Right of access by the data subject
- § 35Right to erasure
- § 36Right to object
- § 37Automated individual decision-making, including profiling
Teil 3
- § 55General information on data processing
- § 56Notification of data subjects
- § 57Right of access
- § 58Right to rectification and erasure and to restriction of processing
- § 59Modalities for exercising the rights of the data subject
- § 60Right to lodge a complaint with the Federal Commissioner
- § 61Legal remedies against decisions of the Federal Commissioner or if he or she fails to take action
- § 62Processing carried out on behalf of a controller
- § 63Joint controllers
- § 64Requirements for the security of data processing
- § 65Notifying the Federal Commissioner of a personal data breach
- § 66Notifying data subjects affected by a personal data breach
- § 67Conducting a data protection impact assessment
- § 68Cooperation with the Federal Commissioner
- § 69Prior consultation of the Federal Commissioner
- § 70Records of processing activities
- § 71Data protection by design and by default
- § 72Distinction between different categories of data subjects
- § 73Distinction between facts and personal assessments
- § 74Procedures for data transfers
- § 75Rectification and erasure of personal data and restriction of processing
- § 76Logging
- § 77Confidential reporting of violations
Teil 4
FDPA Part 3 - § 70
Records of processing activities
- The controller shall keep a record of all categories of processing activities under its responsibility. This record shall contain all of the following information:
- the name and contact details of the controller and, where applicable, of the joint controller; and the name and contact details of the data protection officer;
- the purposes of the processing;
- the categories of recipients to whom the personal data have been or are to be disclosed;
- a description of the categories of data subjects and of the categories of personal data;
- where applicable, the use of profiling;
- where applicable, the categories of transfers of personal data to bodies in a third country or to an international organization;
- information about the legal basis for the processing;
- the envisaged time limits for the erasure or for a review of the need to store the various categories of personal data; and
- a general description of the technical and organizational security measures referred to in Section 64.
- The processor shall maintain a record of all categories of processing activities carried out on behalf of a controller, containing
- the name and contact details of the processor, of each controller on behalf of which the processor is acting and, where applicable, the data protection officer;
- where applicable, transfers of personal data to bodies in a third country or to an international organization, including the identification of that third country or international organization; and
- a general description of the technical and organizational security measures according to Section 64.
- The records referred to in subsections 1 and 2 shall be in writing or in electronic form.
- Controllers and processors shall make these records available to the Federal Commissioner on request.
Quelle: Bundesamt für Justiz
