Current info on the Data Protection Officer’s duty to inform pursuant to Art. 37 Para. 7 GDPR

Pursuant to Art. 37 Para. 7, Data Protection Officers shall notify supervisory authorities as follows:

Who is responsible for reporting? 
The responsible person or the order processor will pass the contact details of the Data Protection Officer on to the responsible supervisory authority, i.e. company management (Art. 37 Para. 7 GDPR).

What data must be reported?
– Company name
– Company address
– Tel. No. of the company
– First name and surname of the Data Protection Officer
– E-mail address of the Data Protection Officer


Most supervisory authorities provide an online reporting form that, however, often exceeds the legally prescribed scope. Reporting may alternatively also be via mail or fax.

Federal state Link to reporting page Status 
Baden-Württemberg Online form available
Bavaria Private:

Public bodies:
 (will not penalise failure to report before end of August)

Online form available

Online form available

Berlin Online form available
Brandenburg unclear
Bremen untraceable
Hamburg E-mail, mail, fax
Hesse Online form available
Mecklenburg-West Pomerania Online form available
Lower Saxony Not yet available
North Rhine-Westphalia Failure to report by 31.12. not classified as an offence.
Rhineland-Palatinate Online form available
Saarland Online form available
Saxony available as PDF
Schleswig-Holstein Not yet available
BfDI Not traceable
Protestant Church Die EKD (Protestant Church Germany) has various regional centres:
Sample certificates of appointment available at:
Mail, e-mail
Catholic Church The link to the Catholic Church online portal for naming the Data Protection Officer is:
Mail, e-mail


Leave a Reply

Your email address will not be published. Required fields are marked *