§ 45 Scope
The provisions of this Part shall apply to the processing of personal data by public bodies competent for the prevention, investigation, detection or prosecution of criminal or administrative offences or the execution of criminal or administrative penalties, as far as they process data for the purpose of carrying out these tasks. The public bodies shall be regarded in that case as controllers. The prevention of criminal offences as referred to in the first sentence shall include protection against and prevention of threats to public security. The first and second sentences shall also apply to those public bodies responsible for executing penalties, measures as referred to in Section 11 (1) no. 8 of the Criminal Code, educational or disciplinary measures as referred to in the Juvenile Court Act or fines. As far as this Part contains provisions for processors, it shall also apply to them.
Content of the FDPA (new)
Part 1 – Common provisions (§§ 1 - 21)
Chapter 1 - Scope and definitions
Chapter 2 – Legal basis for processing personal data
- § 3 Processing of personal data by public bodies
- § 4 Video surveillance of publicly accessible spaces
Chapter 3 – Data protection officers of public bodies
Chapter 4 – Federal Commissioner for Data Protection and Freedom of Information
- § 8 Establishment
- § 9 Competence
- § 10 Independence
- § 11 Appointment and term of office
- § 12 Official relationship
- § 13 Rights and obligations
- § 14 Tasks
- § 15 Activity reports
- § 16 Powers
Chapter 5 – Representation on the European Data Protection Board, single contact point, cooperation among the federal supervisory authorities and those of the Länder concerning European Union matters
- § 17 Representation on the European Data Protection Board, single contact point
- § 18 Procedures for cooperation among the federal and Länder supervisory authorities
- § 19 Responsibilities
Chapter 6 – Legal remedies
Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)
Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes
- § 22 Processing of special categories of personal data
- § 23 Processing for other purposes by public bodies
- § 24 Processing for other purposes by private bodies
- § 25 Transfer of data by public bodies
Sub-chapter 2 – Special processing situations
- § 26 Data processing for employment-related purposes
- § 27 Data processing for purposes of scientific or historical research and for statistical purposes
- § 28 Data processing for archiving purposes in the public interest
- § 29 Rights of the data subject and powers of the supervisory authorities in the case of secrecy obligations
- § 30 Consumer loans
- § 31 Protection of commercial transactions in the case of scoring and credit reports
Chapter 2 – Rights of the data subject
- § 32 Information to be provided where personal data are collected from the data subject
- § 33 Information to be provided where personal data have not been obtained from the data subject
- § 34 Right of access by the data subject
- § 35 Right to erasure
- § 36 Right to object
- § 37 Automated individual decision-making, including profiling
Chapter 3 – Obligations of controllers and processors
Chapter 4 – Supervisory authorities for data processing by private bodies
Chapter 5 – Penalties
- § 41 Application of provisions concerning criminal proceedings and proceedings to impose administrative fines
- § 42 Penal provisions
- § 43 Provisions on administrative fines
Chapter 6 – Legal remedies
Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)
Chapter 1 – Scope, definitions and general principles for processing personal data
Chapter 2 – Legal basis for processing personal data
- § 48 Processing of special categories of personal data
- § 49 Processing for other purposes
- § 50 Processing for archiving, scientific and statistical purposes
- § 51 Consent
- § 52 Processing on instructions from the controller
- § 53 Confidentialitys
- § 54 Automated individual decision
Chapter 3 – Rights of the data subject
- § 55 General information on data processing
- § 56 Notification of data subjects
- § 57 Right of access
- § 58 Right to rectification and erasure and to restriction of processing
- § 59 Modalities for exercising the rights of the data subject
- § 60 Right to lodge a complaint with the Federal Commissioner
- § 61 Legal remedies against decisions of the Federal Commissioner or if he or she fails to take action
Chapter 4 – Obligations of controllers and processors
- § 62 Processing carried out on behalf of a controller
- § 63 Joint controllers
- § 64 Requirements for the security of data processing
- § 65 Notifying the Federal Commissioner of a personal data breach
- § 66 Notifying data subjects affected by a personal data breach
- § 67 Conducting a data protection impact assessment
- § 68 Cooperation with the Federal Commissioner
- § 69 Prior consultation of the Federal Commissioner
- § 70 Records of processing activities
- § 71 Data protection by design and by default
- § 72 Distinction between different categories of data subjects
- § 73 Distinction between facts and personal assessments
- § 74 Procedures for data transfers
- § 75 Rectification and erasure of personal data and restriction of processing
- § 76 Logging
- § 77 Confidential reporting of violations
- § 78 General requirements
- § 79 Data transfers with appropriate safeguards
- § 80 Data transfers without appropriate safeguards
- § 81 Other data transfers to recipients in third countries
Chapter 5 – Transfers of data to third countries and to international organizations
Chapter 6 – Cooperation among supervisory authorities
Chapter 7 – Liability and penalties
Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680 (§ 85)