According to the Federal Data Protection Act (German Bundesdatenschutzgesetz; BDSG), an operational data protection officer enjoys special protection against dismissal during his or her appointment and one year following the end of the appointment (§ 4f para. 3 sent. 5 and 6 BDSG).
For the duration of the special protection against dismissal the employment relationship can only be terminated without notice for good cause; regular termination is not permitted. But what is the legal situation in the event that an employer appoints another data protection official?
The Federal Labour Court has decided that a deputy data protection officer is also entitled to special protection against dismissal under the BDSG.
In the decided case, the defendant had appointed the claimant in writing as a “deputy” data protection officer for a limited period of time (from August 1, 2014 to February 1, 2015) due to a long-term illness of the data protection officer. During his appointment, the claimant performed data protection duties.
In a letter dated October 1, 2015, i.e. eight months after the expiry of the fixed-term appointment as deputy data protection official, the defendant duly terminated the employment relationship of the parties. In response, the claimant filed a dismissal protection suit.
The Federal Labour Court and the lower courts considered the termination to be ineffective. In the event that an employer (or a body subject to the requirement to appoint an officer as per § 4f para. 1 BDSG) appoints several internal data protection officers, the Federal Labour Court takes the view that they acquire the special protection against dismissal as regulated in § 4f para. 3 sent. 5 and 6 BDSG. Whether it was necessary to appoint another “deputy” data protection officer to carry out the tasks arising in the company is irrelevant.
Recommendation for practice:
In practice, this ruling shows that the employer must also keep an eye on special protection against dismissal (which is effective up to one year after dismissal) when appointing additional “deputy” data protection officer. Employers should examine carefully whether the appointment of additional data protection officers is really necessary.