§ 7 ThürDSG
Powers of the State Commissioner for Data Protection
(1)(Articles 58 and 83 of Regulation (EU) 2016/679, Article 47 of Directive (EU) 2016/680)
(2)The State Commissioner for Data Protection shall, for the performance of the tasks pursuant to Section 6(1), have the powers pursuant to Article 58 of Regulation (EU) 2016/679. Where the State Commissioner for Data Protection concludes that there are violations of the provisions on data protection or other deficiencies in the processing of personal data, he or she shall notify the controller thereof before exercising his or her powers pursuant to Article 58(2) of Regulation (EU) 2016/679 and shall request the controller to submit a statement within a reasonable period. The competent supreme Land authority and the supervisory authority shall be informed thereof. The statement should also contain a description of the measures taken as a result of the notifications. The State Commissioner for Data Protection may waive the requirement for a statement, in particular where the deficiencies are minor or have already been remedied.
(3)The State Commissioner shall be granted access to all offices and business premises at any time within the scope of his or her supervisory powers. The power to impose administrative fines pursuant to Article 83 of Regulation (EU) 2016/679 shall not exist vis-a-vis public bodies pursuant to Section 2(1) and (2), unless they are public bodies that participate in competition within the meaning of Section 26.
(4)The supervision of the State Commissioner for Data Protection shall also extend to personal data that are subject to professional secrecy. However, in the case of personal data in files on security clearance, this shall apply only where the data subject has not objected to the supervision of the data relating to him or her. Without prejudice to the supervisory right of the State Commissioner for Data Protection, the controller shall inform the data subject in general terms about the right of objection to which he or she is entitled. The objection shall be declared in writing to the controller.
(5)The supervision of the State Commissioner for Data Protection shall not extend to personal data that are subject to supervision by the Commission pursuant to Section 3 of the Thuringian Act Implementing the Article 10 Act in the version applicable from time to time, unless the Commission requests the State Commissioner for Data Protection to monitor compliance with data protection provisions in specific cases or specific areas and to report exclusively to it.
(6)The public bodies referred to in Section 21(3) shall have a duty to support the State Commissioner for Data Protection only vis-a-vis him or her personally and those whom he or she has specifically authorised in writing for this purpose. The duty to provide information and to grant access to premises shall not apply to these bodies insofar as the competent supreme Land authority determines in the individual case that providing information or allowing inspection of files and documents would jeopardise the security of the Federation or a Land.
(7)Where the State Commissioner for Data Protection finds violations of data protection provisions in the processing of personal data that does not fall within the scope of application of Regulation (EU) 2016/679, he or she shall object thereto vis-a-vis the controller and shall request the controller to submit a statement within a reasonable period. The competent supreme Land authority and the supervisory authority shall be informed thereof. The State Commissioner for Data Protection may refrain from objecting or waive the requirement for a statement, in particular where the deficiencies are minor or have already been remedied. The statement should also contain a description of the measures taken as a result of the objection. Where the objection is not remedied, the State Commissioner for Data Protection shall request the supreme Land authority and the supervisory authority to take appropriate measures within a reasonable period. If this is unsuccessful after expiry of this period, the State Commissioner for Data Protection shall notify the Landtag and the Land government. The State Commissioner for Data Protection may also warn the controller that intended processing operations are likely to violate provisions on data protection contained in this Act and other provisions applicable to the respective data processing. zur Einzelansicht § 7