§ 57 LDSG RP
Consultation of the State Commissioner for
(1)Data Protection and Freedom of Information
(2)Prior to the commissioning of newly created filing systems, the controller shall consult the State Commissioner for Data Protection and Freedom of Information where 1. the data protection impact assessment under Section 56 indicates that the processing would result in a high risk to the rights of the data subjects if the controller does not take remedial measures, or 2. the form of processing, in particular through the use of new technologies, mechanisms or procedures, entails a high risk to the rights of the data subjects. The State Commissioner for Data Protection and Freedom of Information may establish a list of processing operations which are subject to the obligation of prior consultation under sentence 1.
(3)When drafting proposals for legislative and regulatory instruments concerning data processing, the State Commissioner for Data Protection and Freedom of Information shall be consulted in advance.
(4)The following shall be submitted to the State Commissioner for Data Protection and Freedom of Information in the case of paragraph 1: 1. the data protection impact assessment carried out pursuant to Section 56, 2. where applicable, information on the respective responsibilities of the controller, the joint controllers and the processors involved in the processing, 3. information on the purposes and means of the intended processing, 4. information on the measures and safeguards provided for the protection of the rights of the data subjects, 5. the name and contact details of the data protection officer. Upon request, all other information necessary for the State Commissioner to assess the lawfulness of the processing and, in particular, the risks to the protection of the personal data of the data subjects and the related safeguards shall also be transmitted.
(5)Where the State Commissioner for Data Protection and Freedom of Information is of the opinion that the planned processing would infringe legal requirements, in particular because the controller has not sufficiently identified the risk or has not taken sufficient remedial measures, he or she may submit written recommendations to the controller and, where applicable, to the processor as to which measures should still be taken, within a period of six weeks after the initiation of the consultation. The State Commissioner for Data Protection and Freedom of Information may extend this period by one month where the planned processing is particularly complex. In such cases, he or she shall inform the controller and, where applicable, the processor of the extension within one month of the initiation of the consultation.
(6)Where the intended processing is of significant importance for the fulfilment of the controller's tasks and is therefore particularly urgent, the controller may commence processing after the start of the consultation but before the expiry of the period referred to in paragraph 4 sentence 1. In such cases, the recommendations of the State Commissioner for Data Protection and Freedom of Information shall be taken into account subsequently and the manner of the processing shall be adapted accordingly, where necessary. zur Einzelansicht § 57