Duties & responsibilities

Responsibilities of the BayLDA

The BayLDA is responsible for data protection for the private sector in Bavaria and is supervising data processing by private owned corporations/commercial entities, freelancers, private owned hospitals and nursing homes, associations and political parties, online companies, and private individuals. Especially the data protection official has to work towards a controller complying with data protection law. The BayLDA is supporting and advising data protection officials. Furthermore, the BayLDA is supervising the controller's data processing, too.

The key duties and responsibilities of the BayLDA are summarized in the following flyer that can be downloaded here:

Duties

Advising controllers and data protection officials with regard to Para. 38 Sec. 1 Sentence 2 German Federal Data Protection Law ("BDSG") is a major aspect of our work. Complex issues are presented to us in written form or during a meeting at the BayLDA or on-site. Many controllers, data protection officials and attorney-at-law know our keynote. We rather help by advising on an issue beforehand in order to avoid data protection violations, compared to issuing a fine afterwards. This website is part of our consulting engagement. Furthermore, we inspect data processing (sometimes on-site), we help to review data protection violations (e.g. hacking incidents) and we work with relevant associations and chambers.

Rights

As a data protection authority the BayLDA has the supervisory authority to get immediate information from a controller. Furthermore, we have the right to access a perimeter and inspect a controller in order to conduct on-site inspections. Therefore, we are allowed to enter a company's property. It is within our supervisory power to inspect business documents, too.

Actions to be taken

If there is a data protection violations, the BayLDA is allowed to take different actions. On the one hand, we may order measures to eradicate the violation and to inform the data subjects. On the other hand, we may order to stop crucial data processing. With regard to sanctions, we may issue a fine and we might file charges.

Oligation to register

In accordance with Para. 38 Sec. 2 German Federal Data Protection Law ("BDSG") we are keeping a register in accordance with Para. 4 d BDSG regarding the controllers of automated data processing in Bavaria. Basically the following two business concepts need to be registered with us: Data storing with the purpose of transferring personal data, e.g. credit agencies and list brokers, and data storing with the purpose of transferring anonymized data, e.g. market, opinion and social research institutions.


Jurisdiction of other authorities

In Bavaria, the data protection supervising authority with regard to the public sector is not part of the BayLDA's jurisdiction.

  • The State Commissioner on Data Protection, Dr. Thomas Petri, is responsible for supervising data protection laws regarding the public sector. He is responsible for Bavarian public sector entities, e.g. state entities, municipalities and local governments.
  • The German Evangelical Church and the German Roman-Catholic Church have their own bodies responsible for data protection.
  • Furthermore, the State Broadcasting Service is supervised by an extra authority. Information regarding data protection for example with regard to the "Bayerischer Rundfunk" are available on their website: www.br.de.
  • Concerning data protection within an editorial department of media companies, State Data Protection Authorities have no jurisdiction. Instead, the jurisdiction lies with the German Press Council. The German Press Council investigates complaints with regard to editorial departments within a specialized Committee on Data Protection.