Responsible (data protection)

from Wikipedia, the free encyclopedia

The person responsible (controller) within the meaning of European data protection law is a natural or legal person, public authority, institution or other body that, alone or jointly with others, decides on the purposes and means of processing personal data (Art. 4 No. 7 GDPR).

Before the GDPR took effect, German data protection law used the term "responsible body". That term was tied not to decision-making authority but to the actual handling of personal data (collection, processing and use).

The general obligations of the person responsible arise from Art. 24 GDPR. The person responsible uses suitable technical and organizational measures to ensure that personal data is processed in accordance with the GDPR, and must review and update these measures if necessary.

Specifically, the person responsible must

  • ensure that data subjects can exercise their rights under Articles 15 to 22 GDPR,
  • keep a record of processing activities (Art. 30 GDPR),
  • report data protection violations (Art. 33 GDPR) and notify those affected if necessary (Art. 34 GDPR),
  • carry out a data protection impact assessment in the event of a high risk (Art. 25 GDPR),
  • if necessary, appoint a data protection officer (Art. 37 GDPR) and
  • give an account of compliance with the principles of data protection (Art. 5 Para. 2 GDPR).

The rights of the data subjects - i.e. the persons whose data are processed - include in particular:

  • the right to information as to whether and which data is being processed
  • the right to rectification
  • the right to erasure ("right to be forgotten")
  • the right to restriction of processing (if the purpose of the data collection no longer applies, or may no longer apply, in whole or in part)
  • the right to data portability
  • the right of objection
  • the right not to be subjected to an automated decision
