Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Germany: BGH rules name of DPO not essential in privacy policy or access request

On May 14, 2024, the Federal Court of Germany (BGH) issued its decision in Case No. VI ZR 370/22, in which it held that the name of the data protection officer (DPO) is not required to be disclosed in the privacy policy or when responding to data subject requests under the General Data Protection Regulation (GDPR).

Background to the decision 

The plaintiff in the present case requested access to information from the defendant, a bank, alleging, among other things, that the defendant provided incomplete information and that the name of the defendant's DPO was not provided.

Findings of the BGH

The BGH found that when communicating the contact details of the DPO in accordance with Article 13(1)(b) of the GDPR, the mention of the name is not mandatory. It is sufficient for the person concerned to provide the information necessary for the accessibility of the responsible authority, such as contact details. Similarly, the name of the DPO is not necessary to be provided under Article 15(1) of the GDPR.

Outcomes 

The appeal was dismissed as inadmissible by the BGH.

You can read the decision, only available in German, here.