German Data Protection Authorities Set Minimum Competency and Independence Requirements for Company Data Protection Officers


By joint resolution of 24/25 November 2010, the German data protection authorities ("DPAs") have set minimum requirements for the competency and independence of company data protection officers ("DPOs"). The initiative follows inspections carried out within companies that revealed a generally insufficient level of competency among DPOs, and of data controllers' organizational framework and resources for data protection compliance, given the increasing complexity of automated processing of personal data and the requirements of the Federal Data Protection Act.

The DPAs emphasize that a DPO's workload and responsibilities depend in particular on the size of the data controller, the number of data controllers supervised by the individual DPO, particularities of industry-specific data processing, and the level of protection required for the types of personal data being processed.

The resolution sets out the following minimum requirements with respect to competency and independence of DPOs, as well as to the data controllers' organizational framework and resources for data protection compliance:

Please see full Alert below for further information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:


Reed Smith on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.