Employees who violate their contractual obligations may be dismissed without notice. To find out what changes if the employee is also an internal data protection officer, click here.
Work and official duties
Every employment contract gives rise to so-called work duties for the employee. If, for example, the employee also assumes the office of data protection officer, so-called official duties also arise.
If the data privacy officer violates his or her official duties without at the same time violating his or her work duties, this is not sufficient for termination without notice. Rather, a breach of official duties merely justifies dismissal from office.
Duties of a data protection officer
A data protection officer primarily has an advisory and supervisory function. The responsible party (employer) remains responsible for the organizational implementation of measures to ensure an appropriate level of data protection.
Current example
The Heilbronn Labor Court recently had to decide the following case (judgment dated September 29, 2022, file no. 8 Ca 135/22):
Ein Arbeitnehmer klagte gegen eine fristlose Kündigung durch den Arbeitgeber. Der Arbeitnehmer war schon 20 Jahre bei dem Arbeitgeber tätig und die letzten Jahre auch mit dem Amt des internal data protection officer betraut. Der Arbeitgeber warf dem Arbeitnehmer mangelhafte Leistungen im Bereich des Datenschutzes vor: Laut der Revisionsprüfung durch eine Wirtschaftsprüfungsgesellschaft bestünde kein dokumentiertes Datenschutz-Managementsystem, Datenschutzrichtlinien lägen nur im Entwurf vor und Mitarbeiter seien nicht ausreichend geschult worden. Der Mitarbeiter hatte deshalb auch schon eine Abmahnung erhalten.
Dem hielt der Mitarbeiter entgegen, dass er als Datenschutzbeauftragter lediglich Beratungs- und Kontrollfunktion habe. Die strukturelle Umsetzung datenschutzrechtlicher Vorgaben falle nicht in seinen Aufgabenbereich.
The Heilbronn Labor Court ruled in favor of the employee. If there really had been a breach of duty, it was a breach of official duty. However, a breach of duty is required for termination without notice. At most, the employer could dismiss the data protection officer. Ultimately, the employer itself, as the responsible party, is also obligated to implement organizational measures to establish an appropriate level of data protection.
Conclusion
When it comes to breaches of duty by an employee who simultaneously assumes an office, a distinction must be made between official duties and work duties. Only a breach of duty at work makes termination without notice possible, if applicable.
The office of the data protection officer entails control and monitoring duties. He or she supports the data controller and makes recommendations for improving data protection. The implementation of appropriate technical and organizational measures is in the hands of the data controller (cf. Art. 24 GDPR).
Ihr Unternehmen braucht einen Datenschutzbeauftragten? Bestellen Sie uns als external data protection officer. Zögern Sie nicht uns zu contact!
Learn herewhen a data protection officer is mandatory, and herewhat an external data protection officer does.
English 
Deutsch 
Español 
Français 
Polski