I believe that under the BDSG a DPO is required in Germany for any organisation where more than 20 individuals deal with electronically saved personal data.
I’ve also been told that the German Authorities require that the DPO speaks the language of the competent Authorities and data subjects, ie German, or at least that instant translation is ensured. Could any-one point me to the guidance where this is spelled out please?
Also, what constitutes instant translation?
The requirement of the German speaking documentation is to be found here https://www.lda.bayern.de/media/veroeffentlichungen/FAQ_Amtssprache.pdf at least that’s what the Bavarian authority requests.
It’s quite simple public servants in Germany do not automatically speak English. (Ex. The Bavarian authority has 30 people working there and only 4 speak English) so the requirement is a practical one.
Also you are right to say that when 20 people are processing data you need a DPO but the BDSG also says that you need a DPO in some cases when less people are processing data: for instance when you are processing special categories or if and when the nature of processing is large scale monitoring or when the processing activity necessitates to perform DPIAs.
In which federated state is the company you are referring to registered? I am asking because this will be the state where you need to register your DPO in.
Presumably you are talking about a company registered in Germany, hence why it falls under this domestic legislation.
Which begs the question, why wouldn’t you appoint a German speaking, resident DPO?
I’m guessing it could be that they have a non-German speaking DPO that doesn’t want to have to manage a local DPO that could potentially want to differ from the global DPO on issues and risk interfering with an otherwise “clean” standardised global approach, or have diverging views as to what constitutes an acceptable risk-based approach.
OP being anonymous, I suppose that we wont have an answer to that 🙂
unless they can edit?