Data Protection Officer — when required?
Obligation to appoint a DPO in DE and AT.
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
Definition
DE: Mandatory from 20 persons engaged in continuous automated processing (Section 38 BDSG) OR for core activities (Article 37 GDPR). AT: Only Article 37 GDPR (no national threshold). Practice: An external DPO is advisable from 50 employees. The GDPR Kit contains: DPO appointment template + duties checklist.