Skip to main content
Machen Sie jetzt den
DSGVO Quick-Check!

When is an internal or external Data Protection Officer required?

Written by Aylin Stadtsholte on .

According to the General Data Protection Regulation (GDPR), an internal or external Data Protection Officer must be appointed under certain conditions.  

This is particularly the case:  

  • for public authorities (see Art. 37 para. 1 a) GDPR, § 5 BDSG),  
  • or if, in the case of non-public bodies, the processing of personal data is part of their core activities and involves extensive processing of special categories of personal data (e.g., health data) (Art. 37 para. 1 b–c) GDPR).  

In addition, a national regulation pursuant to § 38 para. 1 BDSG applies in Germany: Every non-public body must appoint a Data Protection Officer if at least 20 persons are permanently entrusted with the automated processing of personal data – this already includes regular access to an email system 

Note: This information does not constitute individual legal advice.

Services
Data Protection

for Authorities

International Data Protection

Data Privacy Framework

Artificial Intelligence

Telecommunications Data Protection

Telemedia & Digital Services

Health Data Protection

Financial and Banking Data Protection

Ecclesiastical Data Protection

Concepts

Expertise

Individuality

Engagement

Law Firm

Team

Locations

Career

Philosophy

Legal Notice

Privacy Policies

Adenauerallee 136
D-53113 Bonn
Phone: +49 (0) 228-227 226-0
Mail: info@scheja-partners.de