Certified data protection officer

Who needs a data protection officer?

Legal obligation

In Germany, companies with at least twenty employees usually need a data protection officer, according to Section 38 Federal Data Protection Act (BDSG). Furthermore, an obligation to appoint one may arise from Art. 37 GDPR or Sec. 38 (1) Sentence 2 Federal Data Protection Act (BDSG).

Compliance and trust

However, the general data protection law regulations must also be complied with by small companies. These can voluntarily appoint a data protection officer for the tasks. This can be useful not only from a compliance point of view, but also to increase the trust of customers.

Who can become a data protection officer?

A company may appoint either an internal employee or an external service provider as data protection officer. According to Art. 37 (5) GDPR, the requirement in any case is that the appointed data protection officer has expertise in the field of data protection law and practice. This is more relevant than ever, especially today, as data protection regulations are changing more frequently and becoming more stringent in an era of digitalization. In order to comply with the extensive data protection guidelines, it is therefore important to have an experienced data protection officer. After all, should a breach occur, the managing director is liable as the responsible party according to Art. 4 No. 7 GDPR. In addition, this can also cause enormous damage to the company’s image.

We offer companies the option of appointing us as their external data protection officer. In that case, we will act as a service provider and take over all tasks of the data protection officer according to Art. 39 of the GDPR. Due to many years of consulting our clients on data protection issues, we have the necessary expertise in law and practice. Our colleague Felix Gebhard is also a certified data protection officer (DSB TÜV Süd).

Our service:

• Supporting and advising management and employees on their obligations according to the GDPR and other data protection regulations.
• Monitoring compliance with the legal requirements as well as your strategies for the protection of personal data, including the assignment of responsibilities and the sensitization of employees.
• Where appropriate, training of staff who are involved in processing operations.
• If necessary, advice in connection with the data protection impact assessment, Art. 35 GDPR.
• Assistance in the creation of a register of processing activities.
• Cooperation with the supervisory authority and operation as its contact point, Art. 37(7) GDPR.
• Contact point for data subjects when asserting data subject rights (e.g. information, advertising objection).

Why you should choose our service:

• By appointing an external data protection officer, conflicts of interest within the meaning of Art. 38 (6) p. 2 of the GDPR and the resulting fines can be avoided.
• Transparent data protection strengthens your customers’ trust in the company.
• No standardized tables, online forms, checklists and sample texts.
• Customized advice based on the specific needs of the company.
• Personally available at all times.
• Training conducted in person and on site.
• Drafts, questionnaires (e.g. for the creation of the processing directory, recording of technical and organizational protection measures) and other documents for the implementation of data protection guidelines.
• Individual consulting by limited number of supervised companies by a data protection officer.

Our offer:

We offer our services as an external data protection officer as part of various standard packages starting at EUR 299.00 plus VAT per month. The specific costs depend on the size of the company. The different packages can still be variably arranged according to individual requirements.