§ 33 DSG NRW
Administrative offences
(1)An administrative offence is committed by anyone who, contrary to the provisions of Regulation (EU) 2016/679, this Act or another legal provision of the Land of North Rhine-Westphalia, processes protected personal data that are not publicly known,
(2)1. by collecting, storing, using, modifying, transmitting, disclosing, making available for retrieval, establishing the personal reference, or erasing, or
(3)2. by retrieving, inspecting, obtaining, or, by pretending false facts, causing their transmission or disclosure to himself or herself or to others.
(4)An administrative offence is also committed by anyone who, under the conditions referred to in sentence 1, combines individual details about personal or factual circumstances of a person who can no longer be identified with other information and thereby makes the data subject identifiable again.
(5)The administrative offence may be sanctioned with a fine of up to fifty thousand euros.
(6)The administrative authority within the meaning of Section 36(1), number 1, of the Act on Administrative Offences in the version of the announcement of 19 February 1987 (BGBl. I p. 602) in the version applicable from time to time shall be the State Commissioner for Data Protection and Freedom of Information.
(7)Administrative fines pursuant to paragraph 2 or another legal provision on the protection of personal data shall not be imposed on public bodies within the meaning of Section 5(1).