Under the title “Moving our country forward,” the German Association of Data Protection Officers (BvD) published a 5-point paper on Aug. 25, 2021, with demands for the future federal government. In it, the association argues that the protection of personal data should finally be seen as an opportunity and that the previously untapped potential for successful digitization should be exploited. This requires a reduction in the bureaucratic burden on companies and a stronger role for company data privacy officers, as well as uniform legal interpretation by data privacy regulators.
The BvD sees an opportunity for a political reboot in the area of the urgently needed digitization of processes in business and administration after the Bundestag elections. The basis for this is a paradigm shift in the evaluation of data protection and a readjustment in the implementation of the General Data Protection Regulation (GDPR) in the course of the ongoing evaluation of the Federal Data Protection Act (BDSG).
In the position paper, the BvD outlines a stronger role for the data protection officer for companies. While many companies are required to appoint a data protection officer or do so voluntarily, the legal framework only provides for an advisory and monitoring role, it said. “In practice, we experience an overburdening situation for companies here if they have a data protection officer, but this officer can only be active to a limited extent. This is counterproductive and harms acceptance,” says Thomas Spaeing, chairman of he BvD board.
With simple changes in the BDSG and GDPR, the appointment of a DPO becomes even more valuable for companies. For this purpose, adjustments, for example, in the keeping of the register of processing activities, an adjustment of the notification requirements to the data protection supervisory authorities, and changes in the responsibility for the data protection impact assessment are concrete and practical options.
Furthermore, the positive work of individual data protection supervisory authorities in the federal states could be further improved. For example, by allowing the German Data Protection Conference (DSK) to make binding decisions, thus ensuring a uniform interpretation of legal data protection requirements. “Different interpretations in 16 federal states are neither sensible nor purposeful. Companies and businesses need a comprehensible and uniform application of data protection laws. This would be possible through new coherence procedures and binding decisions by the data protection conference,” the paper states.
The BvD’s 5-point paper was taken up editorially by IT-daily. You can find the German report in IT-daily here.
In addition, BvD board chairman Thomas Spaeing was invited to explain the demands in an opinion piece in the “Tagesspiegel Background”. Here you can find the opinion piece (in German) in “Tagesspiegel Background” (registration required).