The appointment of a data protection officer applies to all companies which deploy more than nine persons to carry out the automatic processing of personal data on an ongoing basis. If the data are collected, processed or used by the company other than automatically processed, a data protection officer has to be appointed if at least 20 persons usually carry out the processing of personal data. In some cases it may be necessary for companies, irrespective of the number of persons deployed, to appoint a data protection officer. This is the case where data are processed automatically which are subject to prior checking and where companies are processing personal data automatically for the purpose of market and opinion research, § 4f section 1 page 6 Federal Data Protection Act.
The data protection officer must have the necessary expertise to fulfil his tasks. The data protection officer can be appointed internally within the company or as an external service provider. The task of the data protection officer is to ensure that the Federal Data Protection Act is in compliance with this Act and other regulations on data protection. He has to supervise the proper use of the data progressing programs and to make sure that the personnel working with personal-related data becomes fully familiar with the regulations of the Data Protection Act and the special requirements of same.
His main tasks are consultation and monitoring. The data protection officer is not authorized to issue instructions and he has no obligation to implement.
After receipt of the directories of procedure the data protection officer has to carry out prior checks pursuant to § 4d section 5, 6 Federal Data Act if the processing of personal data by automatic means present particular risks to the „rights and freedoms“ of the persons concerned.
The law firm NACHTWEY IP would be pleased to provide you with the name of an external data protection officer; also we provide information and legal advice to private persons and companies in respect of all aspects of private and public data protection. Contact us.