§ 56 Notification of data subjects

  1. If special legislation provides for or requires notifying data subjects of the processing of their personal data, especially in the case of undercover operations, such notification shall include at least the following information:
    1. the information listed in Section 55;
    2. the legal basis for the processing;
    3. the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
    4. the categories of recipients of the personal data, if any;
    5. where necessary, further information, in particular where the personal data were collected without the knowledge of the data subject.
  2. In the cases of subsection 1, the controller may postpone, limit or refrain from notification if and so long as
    1. the performance of the tasks listed in Section 45,
    2. public security, or
    3. the legally protected interests of third parties
  3. would otherwise be threatened, if the interest in avoiding these threats overrides the interest of the data subject in the information.

  4. If the notification relates to the transfer of personal data to the authorities for the protection of the Constitution, the Federal Intelligence Service, the Military Counterintelligence Service and, as far as the security of the Federation is affected, other authorities of the Federal Ministry of Defence, such notification shall be permitted only with the approval of these bodies.
  5. Section 57 (7) shall apply accordingly in case of restriction pursuant to subsection

Content of the FDPA (new)

Part 1 – Common provisions (§§ 1 - 21)

Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)

Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties

Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680 (§ 85)