The GDPR (General Data Protection Regulation) has caused plenty of discussion in companies in recent years. Many were unsure who bears primary responsibility for compliance with the GDPR. However, a recent ruling by the Heilbronn Labor Court has provided clarity on this issue.
The plaintiff, 60 years old, had been employed by the defendant since October 1, 2002, most recently in the responsible position of attorney and head of the legal department. In this role, he was instrumental in the legal direction of the company and contributed to the resolution of complex legal challenges. Due to his expertise and commitment to data protection, he was appointed as the company’s data protection officer on December 1, 2018. In this role, he was responsible for monitoring compliance with the GDPR and other data protection regulations. Despite his many years of service and commitment to the company, disagreements arose between him and the defendant’s CEO. These differences led to tensions that eventually formed the background for the legal disputes.
In its ruling of 29.9.2022 under case number 8 Ca 135/22, the court made important clarifications regarding the role and responsibility of data protection officers. It was clearly emphasized that termination without notice of a data protection officer based solely on mere breaches of official duties is considered invalid. If a data protection officer violates his/her duties, this can generally only serve as grounds for his/her dismissal, but not for termination without notice. Furthermore, the court emphasized that the main responsibility for implementing and complying with the GDPR lies with the company itself and not with the data protection officer. This underscores the central role that companies play with regard to data protection and the need to actively address the requirements of the GDPR.
This ruling forcefully emphasizes how important it is for companies to deal intensively and continuously with the requirements of the GDPR. It is a common misconception that the mere appointment of a data protection officer is sufficient to meet all data protection requirements. While a data protection officer can provide advice and support, the actual responsibility for compliance with data protection regulations lies with the company itself. This means that companies must invest not only in employee education and training, but also in technologies and processes that ensure data protection. It is critical that they are proactive, conduct regular reviews, and stay up-to-date with the latest data protection regulations. This is the only way they can ensure that they correctly implement not only the GDPR but also other relevant data protection regulations and minimize potential legal risks.
The ruling of the Heilbronn Labor Court is a clear signal to all companies. It emphasizes that the responsibility for compliance with the GDPR lies with the company itself and not with the data protection officer. It is time for companies to review their data protection practices and ensure that they meet the requirements of the GDPR.
Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.
The integration of smart contracts into traditional contract structures opens up fascinating opportunities for blockchain start-ups, but also poses complex...
Read moreDetails
I have just become aware of a ruling of the Federal Court of Justice from last year that answers an...
Read moreDetails
The time of the conclusion of the contract in online stores and for SaaS services is for providers of largehe...
Read moreDetails
Due to antitrust concerns of the Federal Cartel Office, Amazon is changing its terms and conditions for merchants on Amazon's...
Read moreDetails
The Federal Court of Justice has to decide whether, in the way a game is offered there, in the way...
Read moreDetails
Home office workplaces are becoming increasingly popular and will also increase in the Federal Republic of Germany due to the...
Read moreDetails
There is currently a start-up trend in Germany that has evolved from the need for collaborative development of software and/or...
Read moreDetails
Creating an online store offers self-employed people enormous opportunities, but also harbors numerous legal pitfalls. A legally compliant design is...
Read moreDetails
Editorial work on the September issue of SpoPrax - Sportrecht und E-Sportrecht in der Praxis has been completed. I too...
Read moreDetailsPrivate accounts on ChatGPT & Co. for corporate purposes are a gateway to data protection breaches, leaks of secrets and...
Read moreDetails
In this exciting episode of the itmedialaw.com podcast, we take a deep dive into the highly topical subject of digital...
Read moreDetails
In this video, I talk a bit about transparent billing and how I communicate what it costs to work with...
Read moreDetails
