Data Protection Commissioner
The central task of the data protection officer is to advise and support the University of Applied Sciences Potsdam in all matters of data protection. Furthermore, the data protection officer is available as a contact person for university members who fear violations of data protection regulations by the same institution and is bound to secrecy.
Data protection at a glance
In contrast to what the term initially suggests, data protection does not focus on the data, but on the persons about whom information (data) is processed.
The legal starting point is the fundamental right to informational self-determination. The basic idea is that every person should be able to determine for themselves who receives what information about them and on what occasion. Situations in which large organisations collect, store and evaluate information - possibly without the knowledge of the persons concerned - are seen as particularly threatening.
The fundamental right to informational self-determination is a universal human right. It is also listed under "Privacy" by the UN Human Rights Council (UNHRC) in the list of "Human Rights Issues". It serves to protect the privacy of every person in the face of social power relations and is therefore a central building block of democracy.
Tasks of the data protection commissioner
- Processing enquiries regarding data protection and providing appropriate advice to members of the university (staff and students) as well as third parties
- Monitoring all areas that process personal data
- Complaining about violations of data protection regulations together with the request to remedy the violations or deficiencies
- Participating in the planning of IT projects that serve the automated processing of personal data
- Monitoring the controller's strategy for compliance with the general data protection regulation
Legal basis for data protection at universities in the state of Brandenburg
Data protection is a general human right that is regulated in more detail by the european data protection regulation (DSGVO) and the Brandenburg data protection act (BgbDSG). According to these laws, the collection and processing of personal data always requires explicit permission.
Either this permission is defined by a legal provision, such as in the Brandenburg university act in § 14 (9) (BbgHG): "The higher education institutions may process the personal data of applicants, students, doctoral students, examination candidates and external users of higher education institutions which are required in particular for enrolment, re-registration, participation in courses, examinations, the use of higher education institutions, participation in the evaluation of teaching and studies and for higher education planning. (...)".
Or permission is given by consent of the person concerned. However, this must be based on voluntariness.
Charter of fundamental rights of the European Union
The EU charter of fundamental rights describes the "protection of personal data" in article 8.
EU General data protection regulation (DSGVO)
The EU general data protection regulation (GDPR) contains guiding principles for the protection of personal data. It has been directly legally effective since the 25th of May 2018 and has been supplemented at both federal and state level by adaptation laws.
Brandenburg university act
§ 14, section 9 and § 38 of the Brandenburg university act (BbgHG) describe further legal foundations for the handling of data at the University of Applied Sciences Potsdam.