BLOG

According to § 38 of the BDSG, companies with 20 or more employees involved in automated data processing are required to appoint a Data Protection Officer (DPO) — however, smaller companies may also be obligated. This article explains the thresholds that apply, who is counted, and why an external DPO is often the legally safer choice for many SMEs.

If a company extensively processes special categories of data according to Art. 9 or criminal data according to Art. 10 GDPR as part of its core business, it is obliged to appoint a data protection officer. The article explains which data is affected, when the obligation applies, and what fines are threatened in case of violations.

Following a successful appeal, the appellate court usually remands the case for retrial. The new trial court—the so-called second first instance—decides independently where findings have been overturned. Whether acquittal or a new sentence is possible depends on the scope of the appeal.

Data protection violations can affect anyone and have far-reaching consequences for companies. In addition to high fines under the GDPR, there is a strict 72-hour reporting obligation to supervisory authorities, and in serious cases, even criminal investigations. Those who ignore the requirements risk significant financial damages, loss of reputation, and personal liability. Get informed now to avoid existential consequences.

Who is responsible for data protection in your company? The GDPR's clear answer: the company itself, represented by management or the owner. A Data Protection Officer (DPO) is an important supervisory body, but cannot assume overall responsibility. Do not underestimate this accountability principle, as violations can lead to significant fines and criminal consequences. Ensure clear internal structures and train your employees.

If the appellate judgment in criminal law is flawed, the revision to the Higher Regional Court is the legal remedy. However, it is not a new factual instance, but exclusively corrects legal errors. The deadline for filing is only one week. An alternative is the direct revision, which skips the Regional Court. A precise analysis of the initial judgment is crucial for the strategic decision between appeal and direct revision.