What the DPO Requirement Check evaluates
The DPO Requirement Check for associations evaluates, per Art. 37 GDPR and § 38 BDSG with volunteer-analogous application, whether your association needs a DPO. Special feature: the 20-person threshold includes both staff and volunteers.
Legal foundations
GDPR Art. 37; BDSG § 38 (20-person threshold); § 26 BDSG analogy for volunteers. For religious bodies: KDG/DSG-EKD regulator. Placeholder — Phase 46 provides the target-group-specific ContentBlock.
How the check works
1. Choose your association type (registered association, foundation, non-profit GmbH, religious) 2. Provide number of staff and volunteers (sum is relevant for § 38 BDSG) 3. Answer questions about member, donor, and special-category data 4. Receive an assessment with references to association law
Your benefits
• Free and without registration • Volunteer analogy under § 26 BDSG considered • Points to religious regulators where KDG/DSG-EKD applies • Legal status April 2026
Frequently asked questions
- Do volunteers count for the 20-person threshold?
- Yes, as a rule. The prevailing legal view applies § 26 BDSG analogously to volunteers, so they are included in the § 38(1) BDSG count.
- Does § 38 BDSG apply to religious organizations?
- Art. 91 GDPR allows religious data protection laws (KDG/DSG-EKD); § 38 BDSG does not apply there. The religious data protection laws have their own appointment rules.
- What if our association is small?
- Even without a mandatory DPO, GDPR core duties apply (Art. 5, 6, 13, 14, 32). A voluntary DPO or a designated data-protection liaison can be a good option.
This initial assessment is not legal advice and does not replace consultation with a qualified lawyer. Legal status: April 2026.