Procedure directory

The procedure directory was an element of German data protection law .

According to § 4d , § 4e of the Federal Data Protection Act in the version valid until 2018 (BDSG old version), every state or private body that processes personal data had to document the handling of this data. The term procedure directory or procedure overview has become established for this documentation .

In accordance with Section 4g (2 ) sentence 1 BDSG old version, the responsible body was required to provide an overview of the information specified in Section 4e sentence 1 BDSG old version as well as authorized access persons (often referred to as the internal procedure directory ).

Insofar as a data protection officer has been appointed in the company , he was obliged in accordance with Section 4g (2 ) sentence 2 of the Federal Data Protection Act (old version) to provide parts of this internal procedure directory (specifically the information in accordance with Section 4e Sentence 1 No. 1 to 8 of the Federal Data Protection Act (old version)) to anyone in a suitable manner to make available ( public directory of procedures ). If a data protection officer was not appointed, this obligation was incumbent on the responsible body.

If the directory of procedures was not kept or was not kept properly, the supervisory authorities could be expected to intervene , which are often informed by third parties if a company is unable to provide a directory of procedures upon request. According to Section 38 (4) BDSG old version, the supervisory authorities were entitled to inspect the directory of procedures. The persons commissioned by the supervisory authority to carry out the inspection were authorized, if necessary, to enter the site's properties and business premises during operating and business hours and to carry out inspections and inspections there. If there was no proper directory of procedures, depending on the supervisory authority, this could also result in the imposition of a fine in order to obtain the creation of a directory.

The General Data Protection Regulation (GDPR), which came into force on May 28, 2018 , replaced the provisions of the Federal Data Protection Act that had previously been in force. Instead of the directory of procedures, a directory of processing activities must now be kept in accordance with Art. 30 GDPR .

Individual evidence

↑ Directory of procedures and data protection act - what must be observed? ( Memento of the original from November 29, 2009 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. Article of the IITR dated November 4, 2009. @1@ 2

[1] Directory of procedures and data protection act - what must be observed? ( Memento of the original from November 29, 2009 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. Article of the IITR dated November 4, 2009. @1@ 2