§ 14  Tasks

  1. In addition to the tasks listed in Regulation (EU) 2016/679, the Federal Commissioner shall have the following tasks:
    1. to monitor and enforce the application of this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680;
    2. to promote public awareness and understanding of the risks, rules, safeguards and rights in relation to the processing of personal data, paying special attention to measures specifically for children;
    3. to advise the German Bundestag, the Bundesrat, the Federal Government, and other institutions and bodies on legislative and administrative measures relating to the protection of natural persons’ rights and freedoms with regard to the processing of personal data;
    4. to promote the awareness of controllers and processors of their obligations under this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680;
    5. upon request, to provide information to any data subject concerning the exercise of their rights under this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680, and if appropriate, to cooperate with the supervisory authorities in other Member States to that end;
    6. to handle complaints lodged by a data subject, or by a body, organization or association in accordance with Article 55 of Directive (EU) 2016/680, and investigate, to the extent appropriate, the subject matter of the complaint and inform the complainant of the progress and the outcome of the investigation within a reasonable period, in particular if further investigation or coordination with another supervisory authority is necessary;
    7. to cooperate with, including by sharing information, and provide mutual assistance to other supervisory authorities, to ensure the consistency of application and enforcement of this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680;
    8. to conduct investigations on the application of this Act and other data protection legislation, including legislation adopted to implement Directive (EU) 2016/680, also on the basis of information received from another supervisory authority or other public authority;
    9. to monitor relevant developments, insofar as they have an impact on the protection of personal data, in particular the development of information and communication technologies and commercial practices;
    10. to provide advice on the processing operations referred to in Section 69; and
    11. to contribute to the activities of the European Data Protection Board.

    Within the scope of Directive (EU) 2016/680, the Federal Commissioner shall also perform the task pursuant to Section 60.

  2. To carry out the task listed in subsection 1, first sentence, no. 3, the Federal Commissioner may, on request or at its own initiative, make recommendations to the German Bundestag or one of its committees, the Bundesrat, the Federal Government, other institutions and bodies and the public concerning all matters related to the protection of personal data. At the request of the German Bundestag, one of its committees or of the Federal Government, the Federal Commissioner shall also investigate data protection matters and incidents at public bodies of the Federation.
  3. The Federal Commissioner shall facilitate the submission of complaints referred to in subsection 1, first sentence, no. 6 by measures such as providing a complaint sub- mission form which can also be completed electronically, without excluding other means of communication.
  4. The performance of the duties of the Federal Commissioner shall be free of charge for the data subject. Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, the Federal Commissioner may charge a reasonable fee based on administrative costs, or refuse to act on the request. The Federal Commissioner shall bear the burden of demonstrating the manifestly unfounded or exces- sive character of the request.

Content of the FDPA (new)

Part 1 – Common provisions (§§ 1 - 21)

Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)

Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties

Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680 (§ 85)