A Data Protection Officer (DPO) is a person in charge of verifying the compliance of the personal data processing with the applicable law. The DPO communicates information on processing personal data such as its: purposes, interconnections, the types of data and the categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
The European General Data Protection Regulation (GDPR) requires that data controllers and data processors designate a Data Protection Officer in any case where:
A DPO is not mandatory for every organization under the GDPR but is highly recommended. However, the local obligations under German Law still applies.
Germany has additional requirements beyond the GDPR as to when businesses must appoint DPOs. Under German law, Data Protection Officers must always be appointed when a company processes information subject to a data impact assessment or, when personal data is commercially processed for the purpose of transfer, anonymized transfer or market research. In addition, Germany requires businesses to designate a Data Protection Officer when there are consistently 10 or more employees who routinely process data through automated means. Note that DPOs have protected employment under the BDSG (i.e. DPOs can only be fired when there is evidence that would allow immediate termination for cause).
Ultimate Software's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where Ultimate Software's customers have employees. HR Compliance Assist is a service exclusively available to Ultimate Software customers.
