
Authorized representative for data protection
Many companies are obliged to appoint a data protection officer. The data protection officer does not necessarily have to be an internal employee of the company. An external data protection officer is also possible and offers many advantages.
The data protection officer
A data protection officer is responsible for ensuring that all data protection regulations – in particular the General Data Protection Regulation (GDPR) and supplementary national regulations – are properly implemented in companies and public authorities. The data protection officer advises and trains the company in all aspects of data protection, monitors the implementation and effectiveness of technical and organizational measures and serves as a central point of contact for data subjects and supervisory authorities. They also provide support in carrying out data protection impact assessments and continuously improving internal data protection management in order to minimize risks when handling personal data.
What qualifications must a data protection officer have?
First and foremost, a data protection officer must have in-depth specialist knowledge of data protection law and the relevant IT security aspects. This includes a sound understanding of the General Data Protection Regulation (GDPR) and the supplementary national regulations, which enables them to analyze complex data protection issues and recommend suitable measures. In addition, they are often expected to have relevant qualifications – for example in the form of specialized further training, certifications or relevant professional experience in the field of data protection and IT security.
The data protection officer must be independent and free from conflicts of interest. Senior employees, managing directors or (co-)owners of the company, IT managers or family members of these persons are therefore unsuitable as data protection officers.
Who needs a data protection officer?
According to the GDPR, the following controllers and processors require a data protection officer for the processing of personal data:
- Authorities or public bodies (e.g. notaries), with the exception of courts.
- Companies whose core activity is the extensive, regular and systematic monitoring of data subjects (e.g. companies that use tracking, scoring, location tracking through apps, behavior-based advertising or surveillance cameras).
- Companies whose core activity is the extensive processing of special categories of data (e.g. data on health, race, ethnic origin, political views, religion, sex life, biometric and genetic data) or criminal convictions (e.g. doctors, hospitals, nursing homes, defense lawyers).
- Companies that employ at least 20 people on a permanent basis for the automated processing of personal data.
- Companies for which a data protection impact assessment must be carried out (e.g. rating portals, insolvency administrators, monitoring services).
- Companies that process personal data commercially for the purpose of transmission, anonymized transmission or for the purpose of market or opinion research.
Advantages of an external data protection officer
External data protection officers often offer the client advantages over internal data protection officers. For example, there is no need to train in-house employees, conflicts of interest are regularly ruled out, there is no special protection against dismissal under employment law, and in-house employees are not burdened with additional tasks. In many cases, an external data protection officer is also more cost-effective and delivers higher quality.
External data protection officer through cooperation partner
We will be happy to advise you on all questions relating to data protection and also on the question of whether you need a data protection officer at all. However, we ourselves will not provide you with an external data protection officer, as we would also have a conflict of interest in this respect as your advisors.
We therefore cooperate closely with OBSECOM GmbH, which acts as an external data protection officer for companies in the EU and Switzerland. OBSECOM GmbH supports your company from the auditing and adaptation of all the company’s processing procedures, together with the preparation of the relevant documents such as procedure directories, to ongoing support and the appointment of an external data protection officer.
Further information about the data protection experts at OBSECOM GmbH and their services can be found at obsecom.eu.
Questions on the topic?
We are happy to advise you on data protection!
Our team in data protection