| I. | Subject matter of data protection law | II. | Beginning of the data protection discussion | III. | Development of data protection legislation | IV. | Objective of data protection law | V. | Legal basis of data protection | VI. | The EC Data Protection Directive 95/46 | a. | Prohibition subject to authorisation | d. | Rights of the data subjects | e. | Prohibition of automated individual decisions | 4. | Data transfer to third countries | 5. | Working Party pursuant to Art. 29 EC Data Protection Directive 95/46 | VII. | Structure of the BDSG | VIII. | Applicability and scope | a. | Special types of personal data | b. | Details of personal or factual circumstances of an identified or identifiable natural person | 2. | Collection, processing and use | 3. | Public bodies and non-public bodies | a. | Public bodies of the federal government | b. | Public bodies of the federal states | c. | Associations of public bodies under private law | 4. | Limited scope of application for non-public bodies | a. | Using data processing systems | c. | Not for personal or family activities | a. | Home country principle | b. | Principle of establishment | d. | Transit through Germany | IX. | Admission of data collection, processing or use | 1. | Prohibition subject to authorisation | 3. | Authorisations outside the BDSG | 4. | Authorisations under the BDSG | a. | Authorisations under the BDSG for public bodies | bb. | Storage, modification and utilisation, § 14 BDSG | cc. | Transmission to public bodies, Section 15 BDSG | dd. | Transmission to non-public bodies, Section 16 BDSG | b. | Authorisation of the BDSG for non-public bodies | aa. | Applicability of the authorisation provisions of Sections 28, 29, 30 BDSG for non-public bodies | bb. | Data collection, processing and use for a non-public body's own purposes based on the purpose of a contractual relationship or contract-like relationship of trust with the data subject pursuant to Section 28 (1) sentence 1 no. 1 BDSG | cc. | Data collection, processing and use for the own purposes of a non-public body on the basis of a balancing of interests pursuant to Section 28 (1) sentence 1 no. 2 BDSG | dd. | Data collection, processing and use for a non-public body's own purposes in accordance with Section 28 (1) sentence 1 no. 3 BDSG | ee. | Transmission or use of personal data by a non-public body to protect the legitimate interests of a third party in accordance with Section 28 (3) sentence 1 no. 1 BDSG | ff. | Transmission or use of personal data by a non-public body for the prevention of threats to state and public security and for the prosecution of criminal offences pursuant to Section 28 para. 3 sentence 1 no. 2 BDSG | gg. | Transmission or use of personal data by a non-public body for the purposes of advertising, market research or opinion polling in accordance with Section 28 (3) sentence 1 no. 3 BDSG | hh. | Transmission or use of personal data by a non-public body in the interest of research pursuant to Section 28 (3) sentence 1 no. 4 BDSG | ii. | Collection, processing and use of special personal data pursuant to Section 28 (6-9) BDSG | (1) | Authorisation under Section 28 para. 6 no. 1 BDSG | (2) | Authorisation under Section 28 (6) No. 2 BDSG | (3) | Authorisation under Section 28 (6) No. 3 BDSG | (4) | Authorisation under Section 28 (6) No. 4 BDSG | (5) | Authorisation elements of Section 28 (7) and (9) BDSG | (6) | Principle of purpose limitation of § 28 para. 8 BDSG | (7) | § Section 29 (5) BDSG | jj. | Collection and processing of personal data by a non-public body for the purpose of transmission in accordance with Section 29 (1) and (2) BDSG | kk. | Modification of personal data by a non-public body for the purpose of its transmission in anonymised form in accordance with Section 30 (1) and (2) BDSG | X. | Data avoidance and data minimisation pursuant to Section 3a BDSG | XI. | Rights of the data subject affected by data processing | 1. | Claims of the data subject against public authorities | a. | Right to information, § 19 BDSG | aa. | Requirements for the provision of information | bb. | Restrictions on the right to information | cc. | Prohibitions on the provision of information | dd. | Consequences of a refusal to provide information | ee. | Free provision of information | b. | Right to rectification, Section 20 (1) BDSG | c. | Right to erasure, Section 20 (2) BDSG | d. | Right to blocking, Section 20 (3), (4) and (6) BDSG | e. | Right to object, Section 20 (5) BDSG | f. | Right to appeal to the Federal Commissioner for Data Protection, Section 21 BDSG | 2. | Claims of the data subject against non-public bodies | a. | Right to information, Section 34 BDSG | aa. | Requirements for the provision of information | bb. | Content of the provision of information | cc. | Type of information to be provided | dd. | Exceptions to the obligation to provide information | ee. | Free provision of information | b. | Right to rectification, Section 35 (1) BDSG | c. | Right to erasure, Section 35 (2) BDSG | d. | Right to blocking, Section 35 (3) and (4) BDSG | e. | Right to object, Section 35 (5) BDSG | XII. | Data protection officer | 1. | Appointment and suitability of the data protection officer | c. | Expertise and reliability | 2. | Position of the data protection officer | 3. | Prohibition of discrimination | 5. | Obligation of the responsible body to provide support | 6. | Notification of the data protection officer | 7. | Internal processing overview | 8. | Tasks of the data protection officer | b. | Monitoring the proper use of data processing programmes | c. | Information of employees | d. | Procedure directory for everyone | 9. | Powers of participation of the works council | 1. | General technical and organisational measures | 2. | Eight commandments of data security | 1. | Fines in accordance with Section 43 BDSG, fines of up to €25,000 | a. | Violations of procedural provisions, Section 43 (1) BDSG | aa. | Violation of the reporting obligation (No. 1) | bb. | Improperly appointed data protection officer (No. 2) | cc. | Breach of the duty to inform (No. 3) | dd. | Other breaches of procedural rules (No. 4 - 11) | b. | Violations of substantive provisions, Section 43 (2) BDSG, fines of up to € 250,000 | aa. | Unauthorised collection or processing (No. 1) | bb. | Unauthorised making available for retrieval (No. 2) | cc. | Unauthorised retrieval or provision (No. 3) | dd. | Obtaining access authorisations (No. 4) | ee. | Violations of the principle of earmarking (No. 5) | ff. | Unauthorised merging of anonymised data (No. 6) | c. | Subjective offence and unlawfulness | 2. | Penal provisions according to § 44 BDSG | 3. | Sanctions outside the BDSG | 4. | Practical significance | XV. | Compensation for damages | 1. | Liability of non-public bodies, Section 7 BDSG | 2. | Liability of public bodies, Section 8 BDSG | 1. | Data processing on behalf of | a. | Scope of application of Section 6b BDSG | b. | Admissible purposes of video surveillance | d. | Further processing or use | e. | Notification and deletion | 3. | Supervisory authorities for non-public bodies | 4. | Cross-border data traffic | b. | Transfer of personal data abroad and to supranational and intergovernmental bodies | 5. | Data protection and the Internet | a. | General applicability of data protection law | b. | Applicability of German data protection law | cc. | Java applets and cookies | c. | Applicability of the BDSG | XVII. | Modernisation of data protection law | 1. | The need to modernise data protection law | a. | Subject matter of data protection law | b. | Simplification of the legal regulation | d. | Principles of data processing | aa. | Self-determination of the data subject | (1) | Weakening of the self-determination of the data subject | (2) | Strengthening the self-determination of the person concerned | bb. | High transparency of data processing | cc. | Necessity of the processing of personal data | dd. | Purpose limitation and purpose limitation | e. | Data protection management | f. | Data protection through technology/self-data protection | g. | Strengthening the rights of data subjects | cc. | Compensation for damages | |
