Data Protection Management
Further links (external)
- General Data Protection Regulation (GDPR)
- Lower Saxony Data Protection Act
- The Federal Commissioner for Data Protection
- The State Commissioner for Data Protection of Lower Saxony
- Federal Office for Information Security (BSI)
- Federal Association for Information Technology
- German Association for Data Protection and Data Security (GDD)
What does data protection mean?
Data protection - at least in Germany - is usually understood as the right to decide for oneself who should have access to which personal data and when. The essence of such data protection law is to offset the power imbalance between organisations and individuals as far as possible and to strengthen and protect the rights of individuals.
Depending on how you look at it, data protection can therefore be understood as protection against improper data processing, protection of the right to informational self-determination, protection of personal rights in data processing and also protection of privacy.
The above reports also show that active data protection is urgently required. Time and again, serious breaches of data protection occur. It is the task of the data protection officers, among others, to penalise these: at university level this task falls to the university data protection officer, at state level to the state data protection officers and at federal level to the BfdI (Federal Commissioner for Data Protection and Freedom of Information).
In general, data protection can and should counteract the existing trend in the increasingly digital and networked information society towards so-called transparent people, the proliferation of state surveillance measures (surveillance state) and the emergence of data monopolies by private companies.
On the following pages, you can find out exactly what data protection involves and what obligations arise for anyone who processes the data of others in any form.
Data Protection and Information Security Unit
At the University of Oldenburg, the Data Protection and Information Security Management staff unit and the Data Protection Officer are responsible for data protection compliance and data security.
The staff unit directly supports the university's Board of Governors in implementing the legal requirements of data protection. These arise largely from the General Data Protection Regulation (GDPR), but also from other data protection regulations.
Data protection management is therefore responsible for
- advising on the introduction/adaptation of processing activities and processes; in particular (in cooperation with information security management) on the selection of suitable technical and organisational measures in accordance with Art. 32 GDPR that comply with data protection requirements
- advising on and drafting data protection regulations (e.g. guidelines, service agreements)
- maintaining the register of processing activities in accordance with Art. 30 GDPR and advising process owners on the preparation of the necessary descriptions of processing activities
- ensuring that data protection impact assessments are carried out in accordance with Art. 30 GDPR and advising process owners in this regard
- recording breaches of data protection regulations or violations of the protection of personal data and, if necessary, reporting these to the supervisory authority in accordance with Art. 33 GDPR
- safeguarding the rights of data subjects in accordance with Chapter III of the GDPR; in particular, processing requests for information from data subjects in accordance with Art. 15 GDPR
In addition, the staff unit is the direct point of contact for
- training and sensitisation measures and
- fundamental, organisation-related data protection issues.
The Data Protection Officer's task is to advise all members and affiliates of the University as well as all persons affected by the University's data processing, including on general data protection issues and the rights of data subjects. In this function, the data protection officer is not bound by instructions and is obliged to maintain confidentiality.