Data Protection Officer
Which mission does the Data Protection Officer have?
It is the task of the Data Protection Officer to ensure that the German Federal Data Protection Law as well as other data protection regulations are observed by providing advice and controlling. This means especially to control that data processing programmes are used correctly. Task and activities conform specifically to § 4f and § 4g of the German Federal Data Protection Law (BDSG) as well as the regulations of the Federal State of Bavaria.
The Data Protection Officer acts according to the following principles:
- personal data may only be collected, processed and used as far as this is legitimate (significant here are especially the §§ 27-31 BDSG) or the person concerned has consented
- principle of limitation of use, i.e. data may only be processed for the purpose they were collected for
- if possible, personal data are to be collected directly from the person concerned; the principles of data avoidance and data economisation apply
- anonymous or pseudonymous processing is preferred
- technical and organisational measures should be taken to ensure data protection and data security
In any data security issues all members of the HNU staff may turn direct to the Data Protection Officer.