§ 9 LDSG RP
Data Protection Impact Assessment
(1)A data protection impact assessment pursuant to Article 35 of the General Data Protection Regulation by the controller may be dispensed with insofar as 1. such an assessment has already been carried out for the processing operation by the competent ministry or a public body authorised by it and this processing operation is adopted essentially without change, or 2. the specific processing operation is regulated in a legal provision and a data protection impact assessment was already carried out in the course of the legislative process, unless otherwise provided for in the legal provision. The ministries shall make available to the public bodies the results of the data protection impact assessments carried out by them and by the public bodies authorised by them.
(2)Where a public body develops an automated procedure intended for use by public bodies, it may, if the conditions of Article 35(1) of the General Data Protection Regulation are met in respect of that procedure, carry out the data protection impact assessment pursuant to Articles 35 and 36 of the General Data Protection Regulation. Insofar as the procedure is adopted essentially without change by other public bodies, a further data protection impact assessment by the adopting public bodies may be dispensed with. zur Einzelansicht § 9