§ 75 Rectification and erasure of personal data and restriction of processing

  1. The controller shall rectify inaccurate personal data.
  2. The controller shall erase personal data without delay if their processing is unlawful, they must be erased to comply with a legal obligation, or knowledge of the data is no longer necessary for the controller to perform its tasks.
  3. Section 58 (3) to (5) shall apply accordingly. The recipient shall also be informed if inaccurate personal data have been transmitted, or if personal data have been transmitted unlawfully.
  4. Without prejudice to any time limits for storing or erasing data defined in law, the controller shall provide for appropriate time limits for the erasure of personal data or for a periodic review of the need for the storage of personal data and shall take procedural measures to ensure that these time limits are observed.

Content of the FDPA (new)

Part 1 – Common provisions (§§ 1 - 21)

Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)

Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties

Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680 (§ 85)