§ 58 NDSG
Data protection officers of public bodies
(1)1The person who is to be designated as data protection officer pursuant to Article 37 of the General Data Protection Regulation shall, for the purposes of this Part, additionally perform at least the following tasks:
(2)informing and advising the controller and the employees who carry out processing with regard to their obligations under the provisions of this Part, the legal provisions enacted for the transposition of Directive (EU) 2016/680, and other data protection provisions,
(3)monitoring compliance with the provisions of this Part, the legal provisions enacted for the transposition of Directive (EU) 2016/680, and other data protection provisions, as well as with the policies of the public body relating to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits,
(4)providing advice in connection with the data protection impact assessment and monitoring its implementation pursuant to § 39,
(5)cooperating with the authority headed by the Land Commissioner for Data Protection, and
(6)acting as a contact point for the authority referred to in number 4 on issues relating to processing, including the prior consultation referred to in § 40, and, where appropriate, providing advice on any other matters.
(7)2In organisational terms, the data protection officer shall, in the performance of tasks pursuant to sentence 1, have a position corresponding to Article 38 of the General Data Protection Regulation.
(8)1The data protection officer shall be bound by secrecy concerning the identity of the data subject and concerning the circumstances that allow conclusions to be drawn about the data subject, unless he or she is released therefrom by the data subject. 2This shall also apply after the termination of the activity as data protection officer.
(9)1Where, in the course of his or her activities, the data protection officer acquires knowledge of data for which the head of the public body or a person employed at the public body has a right to refuse to give evidence for professional reasons, that right shall also extend to the data protection officer and his or her subordinate staff. 2The decision on the exercise of that right shall be taken by the person who has the right to refuse to give evidence for professional reasons, unless such a decision cannot be obtained within a foreseeable period of time. 3Insofar as the right of the data protection officer to refuse to give evidence extends, his or her files and other documents shall be subject to a prohibition of seizure.