§ 56 LDSG RP
Carrying Out a
(1)Data Protection Impact Assessment
(2)Where a form of processing, in particular using new technologies, is likely, by virtue of the nature, scope, context and purposes of the processing, to result in a high risk to the rights of data subjects, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations for data subjects (data protection impact assessment).
(3)A single data protection impact assessment may be carried out for the examination of several similar processing operations with similarly high risks.
(4)The controller shall involve the data protection officer in the carrying out of the data protection impact assessment.
(5)The data protection impact assessment shall take into account the rights of the data subjects and other affected persons and shall contain at least the following: 1. a systematic description of the envisaged processing operations and the purpose of the processing, 2. an assessment of the necessity and proportionality of the processing operations in relation to their purpose, 3. an assessment of the risks to the rights of the data subjects, and 4. the measures envisaged to address the risks, including safeguards, security measures and procedures by which the protection of personal data is ensured and compliance with legal requirements is demonstrated.
(6)Where necessary, the controller shall carry out a review as to whether the processing follows the measures resulting from the data protection impact assessment. zur Einzelansicht § 56