
§ 35 NDSG

Requirements for automated data processing, logging

(1) In the case of automated processing, the controller shall, on the basis of a risk assessment pursuant to § 34(1) and (2), take measures which, depending on the type of data and their use, are designed to
(2) deny unauthorised persons access to the processing equipment (access control),
(3) prevent the unauthorised reading, copying, alteration or removal of data carriers (data carrier control),
(4) prevent the unauthorised input of personal data into the storage and the unauthorised inspection, alteration or erasure of stored personal data (storage control),
(5) prevent the use of data processing systems by means of data transmission equipment by unauthorised persons (user control),
(6) ensure that persons authorised to use a data processing system have access only to the data covered by their access authorisation (access rights control),
(7) ensure that it is possible to verify and ascertain to which bodies personal data have been or may be transmitted or made available by means of data transmission equipment (transmission control),
(8) ensure that it is possible to verify and ascertain subsequently which personal data were entered or altered in automated data processing systems, at what time and by whom (input control),
(9) ensure that personal data are protected against accidental destruction or loss (availability control),
(10) ensure that data processed on behalf of others can only be processed in accordance with the instructions of the client (order control),
(11) ensure that data cannot be read, copied, altered or erased without authorisation during transmission or during the transport of data carriers (transport control),
(12) organise the internal structure of the authority or undertaking in such a way that it meets the specific requirements of data protection (organisational control),
(13) ensure that systems used can be restored in the event of disruption (recoverability),
(14) ensure that all functions of the system are available and that malfunctions are reported (reliability),
(15) ensure that stored personal data cannot be corrupted by system malfunctions (data integrity).
(16) In automated data processing systems, the controller shall log at least the following processing operations:
(17) alteration,
(18) disclosure including transmission,
(19) combination, and
(20) of the personal data.
(21) The logs of consultations and disclosures must make it possible to establish the justification, the date and time of such operations, and, as far as possible, the identification of the person who consulted or disclosed the personal data, and the identity of the recipient of such personal data.
(22) ¹The log data may be used exclusively for
(23) criminal proceedings,
(24) ensuring data security or the proper operation of a data processing system,
(25) the review of the lawfulness of data processing by the data protection officer or by the authority headed by the Land Commissioner for Data Protection.
(26) ²The controller shall make the logs available to the authority headed by the Land Commissioner for Data Protection upon request. ³The log data shall be erased at the end of the year following the year in which they were generated.

Source: https://voris.wolterskluwer-online.de/browse/document/c71011b0-4907-350d-9a9b-43d938e79fda
Citation: Nds. GVBl. 2018 S. 66 (VORIS 20600)
As of: 2024-02-08
Retrieved: 2026-02-28