§ 4 BbgDSG
Approval procedure and access to the record of processing activities
(1)Any processing of personal data envisaged by means of automated procedures shall require written or electronic approval prior to its commencement or prior to a material modification. In the approval declaration, it shall be confirmed that
(2)The approval shall be issued by the controller. In the case of joint procedures, the responsibility for the approval may be agreed in accordance with Article 26(1) of Regulation (EU) 2016/679. The approval declaration shall be appended to the record pursuant to Article 30 of Regulation (EU) 2016/679.
(3)Paragraph 1, sentence 1, shall not apply to
(4)The record pursuant to Article 30 of Regulation (EU) 2016/679, including the approval declaration pursuant to paragraph 1, may be inspected by any person free of charge. This shall not apply to information pursuant to Article 30(1), second sentence, point (g) and paragraph 2, point (d) of Regulation (EU) 2016/679 insofar as the security of the procedure would thereby be impaired. Sentence 1 shall not apply to
(5)insofar as the responsible body declares in the individual case that inspection is incompatible with the performance of its tasks.
(6)Einzelnorm