Since the Basic Data Protection Regulation (DSGVO) came into force last May, some companies in Germany have had to restructure. Even then, many fears and worries arose with the DSGVO: 'Did we really comply with all the rules?', 'How do we now have to adapt our website regularly?', and so on... Last week, the Bundestag adapted the Data Protection Act so that one regulation was loosened.
The data protection officer, who previously had to be appointed with ten or more employees, now only has to be appointed with 20 or more employees: Thus small businesses are relieved, above all handicraft firms. Critics say this is "a wrong measure that could seriously jeopardize the maintenance of the high level of data protection in Germany", like for example the Federal Data Protection Commissioner Ulrich Kelber. In the legislative package, individual laws - a total of 150 - are adapted to the DSGVO, but this does not mean any relaxation of the provisions.
The increase in the threshold value for the appointment of a data protection officer nevertheless gives rise to concerns on the part of various politicians. "The duties remain exactly the same, but nobody is responsible any more", says Green member of parliament Konstantin Notz. "The only thing that increases is the liability risk. The consequences for small businesses should be negative rather than positive.
We at IOTIQ cannot impose a data protection officer on you, but we can help with our services. Talk to us about project management and development and we'll do our best to implement the improvements for you as soon as possible.