§ 23 DSG LSA
Tasks and powers
(1)Within the scope of application of Regulation (EU) 2016/679, the State Commissioner for Data Protection shall perform the tasks set out in Article 57 of Regulation (EU) 2016/679 in relation to all public bodies. The powers set out in Article 58 of Regulation (EU) 2016/679 shall be available to the Commissioner for that purpose. The courts shall be subject to the Commissioner's supervision only insofar as they are engaged in administrative activities.
(2)For the processing of personal data outside the scope of application of Regulation (EU) 2016/679, Articles 57 to 59 of Regulation (EU) 2016/679 shall apply mutatis mutandis, unless this Act or other legislation contains derogating rules.
(3)In addition to the powers pursuant to Article 58(1) to (3) of Regulation (EU) 2016/679, the State Commissioner for Data Protection may, where he or she assumes violations of provisions of Regulation (EU) 2016/679, this Act or other data protection provisions, request the controller or the processor to submit a statement within a specified period. In the case of municipalities, combined municipalities, districts and other corporations, institutions and state foundations governed by public law subject to the supervision of the Land, as well as associations of such corporations, institutions and foundations, the competent supervisory authority shall also be informed at the same time. The statement pursuant to sentence 1 shall also present measures intended to remedy the violations. The bodies referred to in sentence 2 shall forward a copy of their statement to the competent supervisory authority.
(4)The State Commissioner for Data Protection shall be the supervisory authority pursuant to Section 40 of the Federal Data Protection Act; in that capacity, under this Act only paragraph 5 and Sections 22 and 24(4) to (6) shall apply. Within the scope of application of Section 25, Article 58(1)(b), (c), (e) and (f) and (2)(c) to (j) of Regulation (EU) 2016/679 shall not apply.
(5)Within the scope of the tasks assigned to the State Commissioner for Data Protection by Regulation (EU) 2016/679 and by paragraph 4 as well as by national law, the Commissioner shall be the competent authority for the prosecution and sanctioning of administrative offences. The Commissioner shall be the assisting authority pursuant to Article 13(2)(a) of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 28 January 1981 (BGBl. II 1985 p. 538, 539) in conjunction with Article 2 of the Act on the Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data of 13 March 1985 (BGBl. II p. 538).
(6)The performance of the tasks of the State Commissioner for Data Protection shall be free of administrative charges for the data subject. In the case of manifestly unfounded or, in particular in the case of frequent repetition, excessive requests, the State Commissioner for Data Protection may charge a fee or refuse to act on the basis of the request. In such a case, the State Commissioner for Data Protection shall bear the burden of proof for the manifestly unfounded or excessive nature of the request.
(7)Any person may contact the State Commissioner for Data Protection where he or she has factual indications of a violation or of the imminent occurrence of a violation of provisions of this Act or any other legal provision on data protection by a public body. No person shall be disadvantaged or reprimanded on account of having contacted the Commissioner pursuant to sentence 1. zur Einzelansicht § 23