

Data Protection Officer
High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?
High damages claims and administrative fines in the event of data protection breaches: the appointment of a data protection officer is mandatory. Are you familiar with their responsibilities and duties, and are these being implemented in a correct and compliant manner?
As a rule, data protection officers have no decision-making power themselves but report to the management. Hence, it is the management that is responsible for complying with and implementing data protection. If the data protection officers are awarded corresponding powers to issue instructions under their respective contracts, this will also impact their liability.
Even without formal decision-making powers, data protection officers have considerable responsibility. With statutory provisions becoming increasingly complex, their tasks are also becoming more extensive. Breaches may trigger high damages claims and administrative fines and cause considerable reputational damage.
Are you sufficiently protected and trained?
Explore our services
News & insights

News: 29 JANUARY 2021
Allen & Overy advises SAP on the acquisition of Signavio
Allen & Overy has advised SAP SE on the acquisition of Signavio GmbH, a leading company in the enterprise business process intelligence and process management space.
Read more
Publications: 04 NOVEMBER 2020
The International Comparative Legal Guide: Cybersecurity 2021
This 4th edition provides a global analysis of common issues in cybersecurity laws and regulations across 26 jurisdictions. It covers key topics such as criminal activity, applicable laws, specific…
Read more
Publications: 09 OCTOBER 2020
Hamburg regulator issues EUR 35 million GDPR fine for data privacy breach
The Hamburg Data Protection Authority imposed the largest ever GDPR fine in German history on Swedish fashion company H&M on 1 October 2020. According to the regulator, the company had stored and used…
Read more
Publications: 29 MAY 2020
Active user consent is required, while previously practiced opt-out mechanisms are unlawful
On 28 May 2020, the German Federal Court of Justice (Bundesgerichtshof; BGH) issued its decision in the Planet49 case that had previously been referred to and decided on by the Court of Justice of the…
Read more