The EU DSGVO has brought many new developments. Among other things, the effort required for the implementation of corresponding requirements has increased. There are many questions that need to be clarified and the ongoing changes require constant monitoring.
The role of “data protection officers of public bodies” is regulated in § 58 NDSG. In short, they advise and monitor compliance with data protection.
In addition, the TU Braunschweig has decided to establish a data protection management system that deals with everyday questions and assistance in implementing data protection. Thus the data protection officer and the data protection management agree on the following division of tasks:
| Data protection officer |
Data protection management |
- Advice to organisational units (OU) of the TU Braunschweig with regard to data protection in processing activities
- Advice to OUs before starting new processing activities (PA)
- Advising OUs when applying for research projects that may contain personal data
- checking the content of processing activity descriptions (PAD) in the List of Processing Activities (PA)
- Support of the OU in the implementation of the data protection impact assessments (DPIA)
- Examination of the results of DPIA
- Forwarding of requests outside the area of responsibility to the specific functional e-mail address
|
- advice on the use of the Record of Processing Activities (ROPA)
- Advice on technical questions regarding the completion of processing activity descriptions (PAD)
- Examination of PAD regarding formal correctness
- Legal support of the OU in the implementation of data protection impact assessments (DPIA)
- Assistant to the contract review in department 11 – legal advice on aspects of data protection law
- Processing of requests for information from individuals on stored data
- Processing of deletion requests
|
- Implementation of training courses on basic knowledge regarding data protection
- Participation in training courses for the implementation of DPIA
|
- Implementation of training on the use of the ROPA
- Implementation of training courses for the implementation of DPIA
|
- Participation in the preparation of draft statutes in the field of data protection
|
- preparation of draft statutes in the field of data protection
|
- monitoring of administrative enquiries concerning compliance with data protection
|
|
- Contact with the State Commissioner for Data Protection (LfD) in individual cases / cooperation with the supervisory authority
|
- Preparation of reports to the LfD in case of data protection breaches and information of the DPO
|
- Cooperation in the project “EU-DSGVO & IT Security”
|
- Product owner in the project “EU-DSGVO & IT Security”
|
And, of course, there are still tasks that are incumbent on the management of the authorities, as they either have a particular scope or are particularly critical.
These are:
- Final approval or rejection of processing activity descriptions (PAD) in the Record of Processing Activities (ROPA)
- Presentation of draft statutes to the Presidium and Senate
- Technical coordination and assistance in answering investigation enquiries
- Authorities contact to the State Commissioner for Data Protection (LfD)
- Reporting data protection violations to LfD
- Project sponsor in the project “EU-DSGVO & IT-Security”
At present, the function of managing the authorities in matters of data protection has been transferred to the CIO.
