Chapter 1 - Legal basis for processing personal data
Sub-chapter 1 - Processing of special categories of personal data and processing for other purposes
Section 22 - Processing of special categories of personal dataSection 23 - Processing for other purposes by public bodiesSection 24 - Processing for other purposes by private bodiesSection 25 - Transfer of data by public bodies
Sub-chapter 2 - Special processing situations
Section 26 - Data processing for employment-related purposesSection 27 - Data processing for purposes of scientific or historical research and for statistical purposesSection 28 - Data processing for archiving purposes in the public interestSection 29 - Rights of the data subject and powers of the supervisory authorities in the case of secrecy obligationsSection 30 - Consumer loansSection 31 - Protection of commercial transactions in the case of scoring and credit reports
Chapter 2 - Rights of the data subject
Section 32 - Information to be provided where personal data are collected from the data subjectSection 33 - Information to be provided where personal data have not been obtained from the data subjectSection 34 - Right of access by the data subjectSection 35 - Right to erasureSection 36 - Right to objectSection 37 - Automated individual decision-making, including profiling
Chapter 3 - Obligations of controllers and processors
Section 38 - Data protection officers of private bodiesSection 39 - Accreditation
Chapter 4 - Supervisory authorities for data processing by private bodies
Section 40 - Supervisory authorities of the Länder
Chapter 5 - Penalties
Section 41 - Application of provisions concerning criminal proceedings and proceedings to impose administrative finesSection 42 - Penal provisionsSection 43 - Provisions on administrative fines
Chapter 6 - Legal remedies
Section 44 - Proceedings against a controller or processor

Chapter 1 - Scope, definitions and general principles for processing personal data
Section 45 - ScopeSection 46 - DefinitionsSection 47 - General principles for processing personal data
Chapter 2 - Legal basis for processing personal data
Section 48 - Processing of special categories of personal dataSection 49 - Processing for other purposesSection 50 - Processing for archiving, scientific and statistical purposesSection 51 - ConsentSection 52 - Processing on instructions from the controllerSection 53 - ConfidentialitySection 54 - Automated individual decision
Chapter 3 - Rights of the data subject
Section 55 - General information on data processingSection 56 - Notification of data subjectsSection 57 - Right of accessSection 58 - Right to rectification and erasure and to restriction of processingSection 59 - Modalities for exercising the rights of the data subjectSection 60 - Right to lodge a complaint with the Federal CommissionerSection 61 - Legal remedies against decisions of the Federal Commissioner or if he or she fails to take action
Chapter 4 - Obligations of controllers and processors
Section 62 - Processing carried out on behalf of a controllerSection 63 - Joint controllersSection 64 - Requirements for the security of data processingSection 65 - Notifying the Federal Commissioner of a personal data breachSection 66 - Notifying data subjects affected by a personal data breachSection 67 - Conducting a data protection impact assessmentSection 68 - Cooperation with the Federal CommissionerSection 69 - Prior consultation of the Federal CommissionerSection 70 - Records of processing activitiesSection 71 - Data protection by design and by defaultSection 72 - Distinction between different categories of data subjectsSection 73 - Distinction between facts and personal assessmentsSection 74 - Procedures for data transfersSection 75 - Rectification and erasure of personal data and restriction of processingSection 76 - LoggingSection 77 - Confidential reporting of violations
Chapter 5 - Transfers of data to third countries and to international organisations
Section 78 - General requirementsSection 79 - Data transfers with appropriate safeguardsSection 80 - Data transfers without appropriate safeguardsSection 81 - Other data transfers to recipients in third countries
Chapter 6 - Cooperation among supervisory authorities
Section 82 - Mutual assistance
Chapter 7 - Liability and penalties
Section 83 - CompensationSection 84 - Penal provisions

  • Home
  • Germany BDSG
  • Tags
  • Processors
Section 9
(1) The Federal Commissioner shall be competent to supervise the public bodies of the Federation, also if they take part in competition as enterprises governed by public law. The provisions of this chapter shall also apply to processors if they are private bodies in which the Federation holds the absolute majority of shares or controls the absolute majority of votes and they process data on behalf of a public body of the Federation
Section 14
4. to promote the awareness of controllers and processors of their obligations under this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680;
Section 22
5. restrictions on access to personal data within the controller and by processors;
Section 29
(3) The supervisory authorities shall not have the investigative powers according to Article 58 (1) (e) and (f) of Regulation (EU) 2016/679 with regard to the persons listed in Section 203 (1), (2a) and (3) of the Criminal Code or their processors as far as exercising these powers would violate these persons’ obligations to secrecy. If in the context of an investigation a supervisory authority becomes aware of data subject to an obligation of secrecy as referred to in the first sentence, the obligation of secrecy shall also apply to the supervisory authority.
Section 45
The provisions of this Part shall apply to the processing of personal data by public bodies competent for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, as far as they process data for the purpose of carrying out these tasks. The public bodies shall be regarded in that case as controllers. The prevention of criminal offences as referred to in the first sentence shall include protection against and prevention of threats to public security. The first and second sentences shall also apply to those public bodies responsible for executing penalties, measures as referred to in Section 11 (1) no. 8 of the Criminal Code, educational or disciplinary measures as referred to in the Juvenile Court Act or fines. As far as this Part contains provisions for processors, it shall also apply to them.
Section 62
(2) A controller may use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the law and ensure the protection of the rights of the data subjects.
Section 62
(3) Processors shall not engage other processors without prior written authorisation by the controller. If the controller has given the processor general authorisation to engage other processors, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors. In this case, the controller may object to such changes.
Section 69
2. where applicable, information on the respective responsibilities of the controller, joint controllers and processors involved in the processing;
Section 70
(4) Controllers and processors shall make these records available to the Federal Commissioner on request.
Section 76
(1) Controllers and processors shall provide for logs to be kept for at least the following processing operations in automated processing systems: