§ 20 SDSG
Exercise of the powers of the State Commissioner for Data Protection
(1)pursuant to Article 58 of Regulation (EU) 2016/679; other powers
(2)The powers of the State Commissioner for Data Protection pursuant to Article 58 of Regulation (EU) 2016/679 shall relate to the monitoring of compliance with the provisions of Regulation (EU) 2016/679, this Act and other data protection provisions, as well as to violations of these provisions.
(3)1In addition to the powers pursuant to Article 58(1) to (3) of Regulation (EU) 2016/679, the State Commissioner for Data Protection may, in the case of violations within the meaning of paragraph 1, issue a formal objection requesting a statement within a specified period. 2At the same time, the competent legal or specialist supervisory authority shall be notified. 3The formal objection pursuant to sentence 1 should also set out the measures that are to remedy the violations. 4The statement shall be submitted by the controller to the State Commissioner for Data Protection and to the competent specialist and legal supervisory authority.
(4)1The powers pursuant to Article 58 of Regulation (EU) 2016/679 and pursuant to paragraph 2 of this provision shall be exercised by the State Commissioner for Data Protection vis-a-vis the controller. 2For municipalities and municipal associations, as well as other legal persons under public law subject to the supervision of the Land and associations within the meaning of Section 2(1), the State Commissioner for Data Protection shall exercise the powers pursuant to Article 58 of Regulation (EU) 2016/679 and pursuant to paragraph 2 of this provision vis-a-vis the authorised representative body.
(5)1Public bodies shall be obligated to support the State Commissioner for Data Protection and his or her representatives in the fulfilment of their tasks. 2In particular, they shall 1. provide information in response to his or her questions, as well as grant access to all records and documents related to the processing of personal data, 2. grant unimpeded access at all times, including unannounced, to all official premises. 3In the cases referred to in Section 3(1), the powers pursuant to sentences 1 and 2 may only be exercised by the State Commissioner for Data Protection in person where the supreme Land authority determines in the individual case that the security of the Federation or a Land so requires. 4In such case, personal data of a data subject who has been given a special assurance of confidentiality by the data processing body need not be disclosed to the Commissioner either.
(6)1The State Commissioner for Data Protection shall be responsible, within the scope of the tasks assigned to him or her by Section 16(1) and (2), for the prosecution and sanctioning of administrative offences. 2The power to impose fines shall only be vested in the State Commissioner vis-a-vis authorities and public bodies insofar as they participate in competition as public-law enterprises.
(7)The State Commissioner for Data Protection may make recommendations for the improvement of data protection, and may in particular advise the state parliament, the state government and other public bodies on matters of data protection.
(8)At the request of the state parliament, its Petitions Committee or the committee responsible for data protection, the State Commissioner for Data Protection may furthermore follow up on indications concerning matters and proceedings that directly relate to his or her area of responsibility.
(9)The state parliament, its committees and the state government may request the State Commissioner for Data Protection to provide expert opinions and statements or to conduct investigations on data protection matters. zur Einzelansicht § 20