Hamburg DPA: enforcement actions re obligations to appoint data protection officers

In a press release dated January 8, the Data Protection Authority of Hamburg announced broad enforcement actions in order to curtail the numerous “privacy scandals” that have occurred in Germany in past months. The DPA will check in particular whether companies comply with their obligation to appoint internal data protection officers. Recent controls by the authority have apparently revealed that many companies have not lived up to this statutory obligation. In order to be able to effectively review the practice of a considerable amount of data controllers, the Hamburg DPA has developed a written examination schedule. As of January 2010, the DPA intends to focus on particular business sectors and send out letters to all major companies that are active in the respective sectors to request information on the appointment of a data protection officer. As a start, the DPA will focus on the logistics sector. Other industries will follow during the course of 2010.