you are a public authority (except for courts acting in their judicial capacity);
your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
In Germany the law has been that you only need a DPO if a) you are a public authority, b) at least 10 people in your organization/company handle or have access to personal data or c) you handle sensitive data (e.g. health records).
As far as I know the GDPR doesn't change these requirements here. So even if you're a company of 5 people and just handling some email addresses or similar data you certainly don't need a DPO.
Under the GDPR, you must appoint a DPO if:
you are a public authority (except for courts acting in their judicial capacity); your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
So - no?