Threshold on data protection officer to be eased for German SMEs

Source: Xinhua| 2019-06-28 22:56:37|Editor: Mu Xuequan
Video PlayerClose

BERLIN, June 28 (Xinhua) -- The threshold for small companies to appoint a data protection officer will be raised from 10 to 20 employees after a law passed in the German parliament on Friday.

Advocates have described the law, which is part of a package of laws to adapt individual German laws to the European Union's (EU) basic data protection regulation, as a measure to reduce bureaucracy.

Thomas Heilmann, member of the conservative CDU in the German parliament, defended the raising of the threshold.

"If you consider that 80 percent of the companies in Germany do not have 20 employees at all, then this has an enormous relevance," Heilmann said.

The new law has, however, been met with criticism from German data protectors.

"It is not clear why a successful model should suddenly be softened," criticized Ulrich Kelber, German commissioner for data protection.

German companies that would no longer have to appoint a data protection officer after a change would still be obliged to comply with the requirements of data protection law, Kelber pointed out.

The law was therefore "a wrong measure which could seriously jeopardize the maintenance of the high level of data protection in Germany," stressed Kelber.

The response from small and medium-sized German businesses to the new law was generally positive on Friday.

"The German Association of Small and Medium-Sized Businesses (DMB) takes a very positive view of the German government's commitment to a more SME-friendly data protection regulation," Marc Tenbieg, managing director of the association told Xinhua on Friday.

Particularly for smaller companies in Germany, the requirement to have a data protection officer could be "a great burden as there is often a lack of personnel," Tenbieg noted.

Similarly, Holger Schwannecke, secretary general of the German Confederation of Skilled Crafts (ZDH), welcomed the law as an "important signal".

Nonetheless, Schwannecke cautioned that the law did not address the fundamental problem of inconsistencies across federal state supervisory authorities in Germany.

"The obligation to appoint data protection officers are no longer reasonable for craft businesses, regardless of the number of employees," Schwannecke stressed.

Before the new regulation can enter into force, the German federal council (Bundesrat) will need to approve it.