Privacy
Source: BUS Rheinland-PfalzTechnological progress enables the collection of personal data to be ever faster and more extensive. Both public authorities and the private sector process a lot of information about applicants and their customers. Name, address and birth data are stored as well as information, e.g. on purchasing behaviour or income. As a citizen, it is becoming increasingly difficult for you to keep track of who is storing data about you, what information it is and whether this data processing is permitted.
The task of data protection is to protect individuals from their right to informational self-determination being impaired by the use of their personal data.
Public sector: In the public sector, the right to informational self-determination acts as a right of defence vis-à-vis the state and offers protection against inadmissible processing of your data by state and municipal authorities. The independent control of the public authorities in Rhineland-Palatinate is ensured by the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate.
Non-public area: In the non-public sector, the right to informational self-determination offers protection against inadmissible processing of your data by all entities that are not attributed to the public sector, e.g. commercial enterprises, freelancers, associations, etc. The independent control of non-public bodies in Rhineland-Palatinate is also ensured by the State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate.
data protection officer is responsible for supporting public bodies in the implementation of the LDSG and other data protection regulations.
His primary statutory task is therefore to provide advice. He is not assigned any supervisory tasks.
The data protection officer must work towards compliance with data protection regulations in automated data processing procedures. This applies not only with regard to the technical and organizational requirements pursuant to Section 9 LDSG, but also if a procedure involves the assessment of individual personal characteristics. This is because decisions that have legal consequences for the data subjects or significantly affect them must not be left to a computer program (Section 5 (5) LDSG). The data protection officer must therefore check whether the procedure in question complies with the ban on automated individual decisions.
According to Section 11 (5) sentence 2 LDSG, data subjects (e.g. whistleblowers, employees of the responsible body, persons whose data is being processed) can contact the data protection officer at any time. The data protection officer is then obliged to examine the request and communicate the result of his or her examination. In cases of doubt, the data protection officer may contact the State Commissioner for Data Protection .
The data protection officer is obliged to maintain confidentiality regarding the identity of the data subject, unless he or she is exempted from this obligation by the data subject (Section 11 (2) LDSG). The confidentiality of the data protection officer must be ensured by technical and organizational data protection measures. This includes ensuring that mail addressed to him or her in his or her function as data protection officer is forwarded directly and unopened.
The head of the authority can only request that the data protection officer submits to it any processes that are not covered by the duty of confidentiality. The obligation under Section 11 (2) is only one of several confidentiality obligations incumbent on the data protection officer. It goes without saying that he must also observe data secrecy in accordance with Section 8 LDSG and official confidentiality obligations.