§ 77 Confidential reporting of violations
The controller shall ensure that it is able to receive confidential reports of violations of data protection law which have occurred in its area of responsibility.
Content of the FDPA (new)
Part 1 – Common provisions (§§ 1 - 21)
Chapter 1 - Scope and definitions
Chapter 2 – Legal basis for processing personal data
- § 3 Processing of personal data by public bodies
- § 4 Video surveillance of publicly accessible spaces
Chapter 3 – Data protection officers of public bodies
Chapter 4 – Federal Commissioner for Data Protection and Freedom of Information
- § 8 Establishment
- § 9 Competence
- § 10 Independence
- § 11 Appointment and term of office
- § 12 Official relationship
- § 13 Rights and obligations
- § 14 Tasks
- § 15 Activity reports
- § 16 Powers
Chapter 5 – Representation on the European Data Protection Board, single contact point, cooperation among the federal supervisory authorities and those of the Länder concerning European Union matters
- § 17 Representation on the European Data Protection Board, single contact point
- § 18 Procedures for cooperation among the federal and Länder supervisory authorities
- § 19 Responsibilities
Chapter 6 – Legal remedies
Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)
Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes
- § 22 Processing of special categories of personal data
- § 23 Processing for other purposes by public bodies
- § 24 Processing for other purposes by private bodies
- § 25 Transfer of data by public bodies
Sub-chapter 2 – Special processing situations
- § 26 Data processing for employment-related purposes
- § 27 Data processing for purposes of scientific or historical research and for statistical purposes
- § 28 Data processing for archiving purposes in the public interest
- § 29 Rights of the data subject and powers of the supervisory authorities in the case of secrecy obligations
- § 30 Consumer loans
- § 31 Protection of commercial transactions in the case of scoring and credit reports
Chapter 2 – Rights of the data subject
- § 32 Information to be provided where personal data are collected from the data subject
- § 33 Information to be provided where personal data have not been obtained from the data subject
- § 34 Right of access by the data subject
- § 35 Right to erasure
- § 36 Right to object
- § 37 Automated individual decision-making, including profiling
Chapter 3 – Obligations of controllers and processors
Chapter 4 – Supervisory authorities for data processing by private bodies
Chapter 5 – Penalties
- § 41 Application of provisions concerning criminal proceedings and proceedings to impose administrative fines
- § 42 Penal provisions
- § 43 Provisions on administrative fines
Chapter 6 – Legal remedies
Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)
Chapter 1 – Scope, definitions and general principles for processing personal data
Chapter 2 – Legal basis for processing personal data
- § 48 Processing of special categories of personal data
- § 49 Processing for other purposes
- § 50 Processing for archiving, scientific and statistical purposes
- § 51 Consent
- § 52 Processing on instructions from the controller
- § 53 Confidentiality
- § 54 Automated individual decision
Chapter 3 – Rights of the data subject
- § 55 General information on data processing
- § 56 Notification of data subjects
- § 57 Right of access
- § 58 Right to rectification and erasure and to restriction of processing
- § 59 Modalities for exercising the rights of the data subject
- § 60 Right to lodge a complaint with the Federal Commissioner
- § 61 Legal remedies against decisions of the Federal Commissioner or if he or she fails to take action
Chapter 4 – Obligations of controllers and processors
- § 62 Processing carried out on behalf of a controller
- § 63 Joint controllers
- § 64 Requirements for the security of data processing
- § 65 Notifying the Federal Commissioner of a personal data breach
- § 66 Notifying data subjects affected by a personal data breach
- § 67 Conducting a data protection impact assessment
- § 68 Cooperation with the Federal Commissioner
- § 69 Prior consultation of the Federal Commissioner
- § 70 Records of processing activities
- § 71 Data protection by design and by default
- § 72 Distinction between different categories of data subjects
- § 73 Distinction between facts and personal assessments
- § 74 Procedures for data transfers
- § 75 Rectification and erasure of personal data and restriction of processing
- § 76 Logging
- § 77 Confidential reporting of violations
Chapter 5 – Transfers of data to third countries and to international organizations
- § 78 General requirements
- § 79 Data transfers with appropriate safeguards
- § 80 Data transfers without appropriate safeguards
- § 81 Other data transfers to recipients in third countries
Chapter 6 – Cooperation among supervisory authorities
Chapter 7 – Liability and penalties
Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 and Directive (EU) 2016/680 (§ 85)