Responsibilities of the BayLDA

Especially the data protection official has to work towards a controller complying with data protection law. The BayLDA is supporting and advising data protection officials. Furthermore, the BayLDA is supervising the controller's data processing, too.

The key duties and responsibilities of the BayLDA are summarized in the following flyer that can be downloaded here:

  Duties.  Advising controllers and data protection officers with regard to Art. 57 GDPR is a major aspect of our work. Complex issues are presented to us in written form or during a meeting at the BayLDA or on-site. Many controllers, data protection officials and attorney-at-law know our keynote. We rather help by advising on an issue beforehand in order to avoid data protection violations, compared to issuing a fine afterwards. This website is part of our consulting engagement. Furthermore, we inspect data processing (sometimes on-site), we help to review data protection violations (e.g. hacking incidents) and we work with relevant associations and chambers.

  Rights.  As a data protection authority the BayLDA has the supervisory authority to get immediate information from a controller. Furthermore, we have the right to access a perimeter and inspect a controller in order to conduct on-site inspections. Therefore, we are allowed to enter a company's property. It is within our supervisory power to inspect business documents, too.

  Actions to be taken.  If there is a data breach, the BayLDA is allowed to take different actions according to Art. 58 GDPR. On the one hand, we may order measures to eradicate the violation and to inform the data subjects. On the other hand, we may order to stop crucial data processing. With regard to sanctions, we may issue a fine and we might file charges.

  Oligation to register.  In accordance with Para. 38 Sec. 2 German Federal Data Protection Law ("BDSG") we are keeping a register in accordance with Para. 4 d BDSG regarding the controllers of automated data processing in Bavaria. Basically the following two business concepts need to be registered with us: Data storing with the purpose of transferring personal data, e.g. credit agencies and list brokers, and data storing with the purpose of transferring anonymized data, e.g. market, opinion and social research institutions.

Jurisdiction of other authorities

In Bavaria, the data protection supervising authority with regard to the public sector is not part of the BayLDA's jurisdiction.

  • The State Commissioner on Data Protection, Dr. Thomas Petri, is responsible for supervising data protection laws regarding the public sector. He is responsible for Bavarian public sector entities, e.g. state entities, municipalities and local governments.
  • The German Evangelical Church and the German Roman-Catholic Church have their own bodies responsible for data protection.
  • Furthermore, the State Broadcasting Service is supervised by an extra authority. Information regarding data protection for example with regard to the "Bayerischer Rundfunk" are available on their website:
  • Concerning data protection within an editorial department of media companies, State Data Protection Authorities have no jurisdiction. Instead, the jurisdiction lies with the German Press Council. The German Press Council investigates complaints with regard to editorial departments within a specialized Committee on Data Protection.
  • translation missing: en.zusatenmsd1_0
    translation missing: en.zusatenmsd1
    translation missing: en.zusatenmsd2_0
    translation missing: en.zusatenmsd2
    translation missing: en.zusatenmsd2_2
    translation missing: en.zusatenmsd3_0
    translation missing: en.zusatenmsd3
    translation missing: en.zusatenmsd4_0
    translation missing: en.zusatenmsd4
    translation missing: en.zusatenmsd5_0
    translation missing: en.zusatenmsd5