What the DPO Requirement Check evaluates
Public authorities have a mandatory DPO appointment under § 5 BDSG — regardless of staff size and processing type. The check confirms your obligation and displays the relevant statutory references.
Legal foundations
GDPR Art. 37(1)(a); BDSG § 5 (mandatory DPO appointment for public bodies). § 38 BDSG (20-staff threshold) does not apply. Placeholder — Phase 46 provides the target-group-specific ContentBlock.
How the check works
1. Choose your authority type (federal, state, municipality, public enterprise, public-law institution, corporation) 2. Brief questions on departmental structure and shared-DPO models 3. Clear confirmation of the obligation plus guidance on internal vs. external DPO models
Your benefits
• Free and without registration • § 5 BDSG as the legal basis clearly documented • Guidance on shared DPOs for small authorities • No fine-warning scaremongering (§ 43(3) BDSG)
Frequently asked questions
- Does the 20-person threshold apply to authorities?
- No. § 5 BDSG establishes a mandatory DPO appointment for public bodies. § 38 BDSG (20-staff threshold) applies exclusively to private-sector organizations.
- Can multiple authorities share one DPO?
- Yes. Art. 37(3) GDPR and § 5(1) sentence 2 BDSG allow the designation of a shared DPO for a group of undertakings or multiple authorities.
- Is the DPO to be internal or external?
- Both are permitted (Art. 37(6) GDPR). External DPOs may act on the basis of a service agreement.
This initial assessment is not legal advice and does not replace consultation with a qualified lawyer. Legal status: April 2026.