Federal Council increased duty to appoint data protection officer to 20 persons
Resolution of the Bundesrat on the GDPR
Duty to appoint company data protection officer increased to 20 persons. On 20 September, the Bundesrat decided that a company data protection officer only has to be appointed if the number of persons exceeds 20. Previously, the number was 10 persons. In the media, this decision is described as a "relief" for small companies.
From a data protection point of view, this is a fallacy, because the General Data Protection Regulation must nevertheless be fully implemented. It does not change the fact that small businesses also have to deal with the issue of Data protection and take appropriate measures, such as appointing company data protection officers.
"Despite strong criticism from data protection experts, the Federal Council approves the increase of the obligation to order to 20 employees. This does a disservice to companies, because data protection is mandatory for all companies. Even for us citizens - as those affected - it is more likely that data protection will be taken less seriously and that the level of data protection will fall.