German Data Protection Authorities Set Minimum Competency and Independence Requirements for Company Data Protection Officers

more+
less-

By joint resolution of 24/25 November 2010, the German data protection authorities ("DPAs") have set minimum requirements for the competency and independence of company data protection officers ("DPOs"). The initiative follows inspections carried out within companies that revealed a generally insufficient level of competency among DPOs, and of data controllers' organizational framework and resources for data protection compliance, given the increasing complexity of automated processing of personal data and the requirements of the Federal Data Protection Act.

The DPAs emphasize that a DPO's workload and responsibilities depend in particular on the size of the data controller, the number of data controllers supervised by the individual DPO, particularities of industry-specific data processing, and the level of protection required for the types of personal data being processed.

The resolution sets out the following minimum requirements with respect to competency and independence of DPOs, as well as to the data controllers' organizational framework and resources for data protection compliance:

Please see full Alert below for further information.

LOADING PDF: If there are any problems, click here to download the file.