§ 19 HmbDSG
Competence
(1)The Hamburg Commissioner for Data Protection and Freedom of Information shall be the supervisory authority within the meaning of Article 51(1) of Regulation (EU) 2016/679.
(2)The Commissioner for Data Protection and Freedom of Information shall monitor compliance with data protection provisions by the public bodies referred to in Section 2(1) and by other bodies insofar as they have submitted to the Commissioner's supervision on the basis of statutory provisions. The Commissioner shall also be the competent supervisory authority pursuant to Section 40 of the Federal Data Protection Act for the data processing of non-public bodies.
(3)The Parliament and the Court of Audit shall be subject to supervision by the Hamburg Commissioner for Data Protection and Freedom of Information only insofar as they are engaged in administrative activities. With regard to the Court of Audit, the Hamburg Commissioner for Data Protection and Freedom of Information shall additionally monitor whether the necessary technical and organisational measures pursuant to Article 32 of Regulation (EU) 2016/679 have been taken and are being maintained.
(4)The Hamburg Commissioner for Data Protection and Freedom of Information shall, within the scope of the tasks assigned to him or her by Article 57 of Regulation (EU) 2016/679 and by this Act, be competent for the prosecution and sanctioning of administrative offences.
(5)The Hamburg Commissioner for Data Protection and Freedom of Information shall be competent for the accreditation of certification bodies pursuant to Article 43 of Regulation (EU) 2016/679.
(6)For the supervision of the processing of personal data in the context of the administration of taxes regulated by Land law, the Federal Commissioner for Data Protection and Freedom of Information shall be competent insofar as the data processing is based on taxation principles regulated by federal law or on federally uniform determinations.
(7)The Hamburg Commissioner for Data Protection and Freedom of Information shall be the supervisory authority within the meaning of Section 113, sentence 1, of the Interstate Media Treaty of 14 April to 28 April 2020 (HmbGVBl. p. 434), last amended on 27 February and 7 March 2024 (HmbGVBl. p. 162), as amended from time to time, and the competent supervisory authority for digital services within the meaning of Section 1(1), number 8, second half-sentence, of the Telecommunications and Digital Services Data Protection Act (TDDDG) of 23 June 2021 (BGBl. 2021 I p. 1982, 2022 I p. 1045), last amended on 12 July 2024 (BGBl. I No 234, p. 1, 19), as amended from time to time. With regard to the powers of the Hamburg Commissioner for Data Protection and Freedom of Information in the context of supervisory activities concerning compliance with the provisions of the Telecommunications and Digital Services Data Protection Act, Article 58 of Regulation (EU) 2016/679 shall apply mutatis mutandis. The Hamburg Commissioner for Data Protection and Freedom of Information shall be the administrative authority within the meaning of Section 36(1), number 1, of the Act on Administrative Offences in the version of 19 February 1987 (BGBl. I p. 603), last amended on 12 July 2024 (BGBl. I No 234, p. 1, 6), as amended from time to time, in the cases of Section 28(1), numbers 10 to 13, TDDDG. The competence pursuant to Section 28(3), number 2, TDDDG shall remain unaffected. zur Einzelansicht § 19