§ 39 Accreditation

The power to act as a certification body in accordance with Article 43 (1), first sentence of Regulation (EU) 2016/679 shall be granted by the supervisory authority of the Federation or the Länder responsible for data protection supervision of the certification body on the basis of accreditation by the German accreditation body. Section 2 (3), second sentence, Section 4 (3) and Section 10 (1), first sentence, no. 3 of the Accreditation Body Act shall apply on the condition that data protection falls within the scope of Section 1 (2), second sentence.

Content of the FDPA (new)

Part 1 – Common provisions (§§ 1 - 21)

Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)

Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties

Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680 (§ 85)