Data Protection Academy » Data Protection News » Duty to appoint company data protection officers increased to 20 persons

Federal Council increased duty to appoint data protection officer to 20 persons

Resolution of the Bundesrat on the GDPR

Obligation to appoint company data protection officers increased to 20 persons. On 20 September, the Federal Council decided that a company data protection officer only has to be appointed if there are 20 or more people. Previously it was 10 people. In the media, this decision is described as a "relief" for small companies.

From a data protection point of view, this is a fallacy, because the General Data Protection Regulation must nevertheless be fully implemented. It does not change the fact that small businesses also have to deal with the issue of Data protection and take appropriate measures, such as appointing company data protection officers.

Link to the decision of the Federal Council.

Prof. Dr. Andre Döring Data Protection Officer Robin Data GmbH

"Despite major criticism from data protection experts, the Federal Council approves the increase in the obligation to appoint 20 employees. This is a disservice to companies, as data protection is mandatory for all businesses. For us citizens - as data subjects - it is to be expected that data protection will be taken less seriously and the level of data protection will fall."

Nadine Porrmann
Latest posts by Nadine Porrmann (see all)

This might interest you too:

HinSchG: Protection of whistleblowers

The Whistleblower Protection Act: regulations and obligations for companies, requirements for whistleblowers, white paper including checklist!

Smart Home Privacy Concerns

Smart Home applications: Find out why the benefits in everyday life often involve data protection risks and how you can protect yourself.

The Supply Chain Act (LkSG)

The Supply Chain Act (LkSG) came into force on 01.01.2023. Learn about the current regulations and obligations for companies in the article.