Senior management and organisation
Please identify the authority’s senior management.
The Berlin commissioner for data protection and freedom of information, Maja Smoltczyk, has the task of monitoring compliance with data protection regulations in the federal state of Berlin; informing and advising on data protection issues; and securing the basic right to informational self-determination. The authorities and other public bodies of Berlin, as well as Berlin-based private bodies (eg, companies, associations), are subject to her control and supervision. Since 1999, the commissioner has also had to ensure compliance with the right of access to files and information. In the exercise of her tasks, the commissioner is independent and subject only to the law.
When was the head of the authority appointed?
Maja Smoltczyk was elected on 28 January 2016.
How long is their term of office?
The commissioner is appointed for five years.
What is the process for nominating the head of the authority?
The commissioner is elected by the Berlin House of Representatives, and appointed by the House’s president.
What was the authority’s budget for the most recently available financial year?
Our planned expenditures for 2018 totalled €4,586,400.
How many data protection/privacy-focused staff does the authority employ?
The commissioner employs around 33 staff members with focus on data protection (secretariats excluded).
Contacting the authority
How and where should companies or their advisers contact the authority to notify a data breach? Please specify individuals, email addresses, URLs for online forms, etc.
A form to notify data breaches is available at: www.datenschutz-berlin.de/wirtschaft-und-verwaltung/meldung-einer-datenpanne/datenpannenformular/.
The commissioner can be contacted at:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstrasse 219 (visitors’ entrance:
Puttkamerstrasse 16-18, 5th floor)
Tel: +49 30 138890/2155050
How and where should companies or their advisers contact the authority to start the binding corporate rules approval process? Please specify individuals, email addresses, URLs for online forms, etc.
Companies should email the commissioner at [email protected] or call +49 30 138890.
Legal and enforcement framework
What are your investigative powers?
The investigative powers of the Berlin Commissioner are defined in article 58 of the GDPR.
Can you search premises or force the disclosure of information without having to approach the courts?
According to article 58(1)(a,f) of the GDPR, the commissioner can order the controller and the processor to provide any information (and access thereto) that is required for the performance of the commissioner’s tasks. The confiscation of documents in a fine proceeding, however, is subject to a judge’s approval.
What fines can you impose on companies that breach data protection rules?
According to article 85(4,5) of the GDPR, infringements shall be subject to administrative fines of up to €20 million; or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
What other measures can you take against companies that breach data protection rules?
The commissioner can use his or her corrective powers in accordance with article 58(2) of the GDPR, or file a criminal complaint with the law enforcement authorities.
What emergency or interim measures can you take pending the full conclusion of your investigations?
See the powers of the Data Protection Act, according to article 58 of the GDPR.
Priorities and the future
What are your enforcement priorities over the next year? For example, are you targeting any particular topics, or industry sectors?
We are required by law to investigate complaints filed by data subjects. Therefore, we have only limited influence on which industries and topics we examine.
What data protection/privacy-related guidelines have you issued to date?
We have information material on various topics on our website: https://www.datenschutz-berlin.de/veroeffentlichungen.html.
Are you working on any further data protection/privacy guidelines or guidance, or on amending any of your current guidance? If so, what?
We are working to adapt our publications to the new legal framework and to publish new publications. However, due to our limited resources, this is a longer process.
Would you like to see further reforms to your laws (beyond GDPR implementation legislation, if applicable) or to your enforcement framework? If so, what?
We hope that the legislative process on the ePrivacy regulation will be pushed forward quickly and thoroughly.