Data Protection Management supports the Presidential Board of the University in fulfilling the tasks and duties incumbent upon it as the "Controller", which follows from the General Data Protection Regulation (DSGVO), as well as from the other provisions of data protection law.

The data protection management is therefore responsible for:

• maintaining the list of processing activities pursuant to Art. 30 of the GDPR and advising the process owners on the creation of the descriptions of the processing activities required for this purpose
• ensuring that data protection impact assessments are carried out in accordance with Article 30 of the GDPR and advising the process owners in this respect
• recording breaches of data protection regulations or breaches of the protection of personal data and, if necessary, reporting them to the supervisory authority pursuant to Art. 33 of the GDPR
• safeguarding the rights of data subjects pursuant to Chapter III of the GDPR; in particular, processing requests for information from data subjects pursuant to Art. 15 of the GDPR
• advising on the introduction/adaptation of processing activities and processes; in particular (in cooperation with information security management) on the selection of suitable technical and organisational measures in accordance with Art. 32 of the GDPR
• advising on or drawing up data protection regulations (e.g. guidelines, service agreements)

The Data Protection Officer is responsible for advising all members and staff of the University, as well as all persons affected by the University's data processing, on general questions of data protection, as well as on the rights of the data subjects.