§ 15 ThürDSG
Tasks of the data protection officer
(1)(Article 39 of Regulation (EU) 2016/679, Article 34 of Directive (EU) 2016/680)
(2)The data protection officer shall perform the tasks pursuant to Article 39 of Regulation (EU) 2016/679. In doing so, he or she shall monitor compliance with Regulation (EU) 2016/679, this Act and other data protection provisions.
(3)The data protection officer shall have the right to inspect the record of all processing activities. Before the initial commissioning of a processing activity, the record shall be submitted to the data protection officer with the opportunity to comment on the corresponding entry. Furthermore, the data protection officer shall be involved in the assessment of risk pursuant to Article 35(1) of Regulation (EU) 2016/679 or Section 52 and in the examination of whether a data protection impact assessment is to be carried out for a specific processing operation.
(4)Without prejudice to paragraph 1, the data protection officer shall, in connection with processing activities within the scope of application of Section 31, have the following tasks: 1. informing and advising the public body and the employees who carry out processing operations regarding their obligations under this Act, the legal provisions adopted in transposition of Directive (EU) 2016/680 and other data protection provisions, 2. monitoring compliance with this Act, the legal provisions adopted in transposition of Directive (EU) 2016/680 and other data protection provisions, as well as the strategies of the public body for the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations and the related audits, 3. advice in connection with the data protection impact assessment and monitoring its implementation pursuant to Section 52, 4. cooperation with the State Commissioner for Data Protection, and 5. acting as the contact point for the State Commissioner for Data Protection in matters relating to processing, including the prior consultation pursuant to Section 53, and providing advice on all other data protection matters where applicable.
(5)The data protection officer shall, in the performance of his or her tasks, give due regard to the risk associated with the processing operations, taking into account the nature, scope, context and purposes of the processing. zur Einzelansicht § 15 Second Section Provisions for Processing for Purposes pursuant to Article 2 of Regulation (EU) 2016/679 First Sub-Section Legal Bases for Processing