Looking for an external Data Protection Officer?DATUREX GmbH Dresden
DATUREXData Protection Laws
ThürDSG — Table of Contents

§ 53 ThürDSG

Consultation of the State Commissioner for Data Protection

(1)(Article 28 of Directive (EU) 2016/680)
(2)The controller shall, prior to the commissioning of newly created filing systems, consult the State Commissioner for Data Protection where 1. a data protection impact assessment pursuant to Section 52 indicates that the processing would result in a high risk to the rights of the data subjects if the controller takes no remedial measures, or 2. the form of the processing, in particular where new technologies, mechanisms or procedures are used, results in a substantial risk to the rights of the data subjects. The State Commissioner for Data Protection may draw up a list of processing operations that are subject to the duty of consultation pursuant to sentence 1.
(3)In the case of paragraph 1, the following shall be submitted to the State Commissioner for Data Protection: 1. the data protection impact assessment carried out pursuant to Section 52, 2. where applicable, information on the respective responsibilities of the controller, joint controllers and processors involved in the processing, 3. information on the purposes and means of the intended processing, 4. information on the measures and safeguards provided for the protection of the rights of the data subjects, and 5. the name and contact details of the data protection officer. Upon request, all other information necessary for the State Commissioner to assess the lawfulness of the processing and, in particular, the risks to the protection of the personal data of the data subjects and the related safeguards shall also be submitted.
(4)Where the State Commissioner for Data Protection is of the opinion that the planned processing would contravene statutory requirements, in particular because the controller has not sufficiently identified the risk or has not taken sufficient remedial measures, he or she may, within a period of six weeks after initiation of the consultation, submit written recommendations to the controller and, where applicable, the processor as to what measures should still be taken. The State Commissioner for Data Protection may extend this period by one month where the planned processing is particularly complex. In this case, the controller and, where applicable, the processor shall be informed of the extension within one month after initiation of the consultation.
(5)Where the intended processing is of significant importance to the controller's performance of tasks and is therefore particularly urgent, the controller may commence processing before receiving the written recommendations of the State Commissioner for Data Protection. In this case, the recommendations of the State Commissioner for Data Protection shall be taken into account retrospectively, and the nature and manner of the processing shall be adapted where necessary. zur Einzelansicht § 53 Fourth Sub-Section Data Security
Source:
https://landesrecht.thueringen.de/bsth/document/jlr-DSGTHrahmen
Citation:
GVBl. TH 2018 S. 229
As of:
2024-01-01
Retrieved:
2026-02-28