Employees who violate their contractual obligations may be dismissed without notice. To find out what changes if the employee is also an internal data protection officer, click here.
Work and official duties
Every employment contract gives rise to so-called work duties for the employee. If, for example, the employee also assumes the office of data protection officer, so-called official duties also arise.
If the data privacy officer violates his or her official duties without at the same time violating his or her work duties, this is not sufficient for termination without notice. Rather, a breach of official duties merely justifies dismissal from office.
Duties of a data protection officer
A data protection officer primarily has an advisory and supervisory function. The responsible party (employer) remains responsible for the organizational implementation of measures to ensure an appropriate level of data protection.
The Heilbronn Labor Court recently had to decide the following case (judgment dated September 29, 2022, file no. 8 Ca 135/22):
An employee filed a complaint against termination without notice by the employer. The employee had already worked for the employer for 20 years and had also been entrusted with the office of internal data protection officer for the last few years. The employer accused the employee of poor performance in the area of data protection: According to the audit by an auditing company, there was no documented data protection management system, data protection guidelines were only available in draft form and employees had not received sufficient training. The employee had therefore already received a warning.
The employee countered that as a data protection officer he only had an advisory and monitoring function. The structural implementation of data protection requirements does not fall within his remit.
The Heilbronn Labor Court ruled in favor of the employee. If there really had been a breach of duty, it was a breach of official duty. However, a breach of duty is required for termination without notice. At most, the employer could dismiss the data protection officer. Ultimately, the employer itself, as the responsible party, is also obligated to implement organizational measures to establish an appropriate level of data protection.
When it comes to breaches of duty by an employee who simultaneously assumes an office, a distinction must be made between official duties and work duties. Only a breach of duty at work makes termination without notice possible, if applicable.
The office of the data protection officer entails control and monitoring duties. He or she supports the data controller and makes recommendations for improving data protection. The implementation of appropriate technical and organizational measures is in the hands of the data controller (cf. Art. 24 GDPR).
Your company needs a data protection officer? Appoint us as your external data protection officer. Do not hesitate to contact!