The General Data Protection Regulation (GDPR) introduced the first European-wide duty for companies and public authorities to appoint a data protection officer (DPO). At the same time, the regulation has tightened the requirements for the appointment of a DPO and altered the DPO's position and role. The GDPR has increased the importance of DPOs within companies, public bodies, and nonprofit organizations.
Public bodies, like public authorities, schools, and kindergartens, have a duty to appoint a DPO. Under the GDPR, private bodies, like companies, need to appoint a DPO if certain conditions are fulfilled. The appointment is mandatory if
In addition, the GDPR allows Member States to enact additional national rules for the appointment of DPOs. Germany has made use of this option. Pursuant to the new version of the Federal Data Protection Act (BDSG-new), the controller of the data processing has the duty to appoint a certified DPO if
Where a company is not required to appoint a DPO, it can decide to do so voluntarily.
The DPO's role is to enable self-monitoring with regard to compliance with data protection rules.
His duties include
The GDPR has significantly increased both the duties and the responsibilities of the certified data protection officer. As a consequence, he will only be able to fulfill his duties adequately if he is suitably qualified and experienced in the areas of privacy law and data protection practices in Germany.
In principle, an organization can appoint either one of its employees as DPO (internal DPO) or an external DPO on the basis of a service agreement. Given the wide range of duties and the required expertise, practical experience has shown that an external solution offers a variety of advantages.
The advantages of engaging an external data protection officer include
A disadvantage of an external DPO is, however, that he will first have to get acquainted with the particularities and processes of the client organization.
An organization that fails to appoint a data protection officer although it is legally obliged to do so is in violation of the GDPR and may face a fine of up to EUR 10 million or, in the case of a company, up to 2 percent of the overall annual turnover generated worldwide in the preceding business year.
As a consequence, all companies, nonprofit organizations, and public bodies should check whether or not they have a duty to appoint a DPO. Our privacy experts will be very pleased to assist you in doing so.
Your data protection in the hands of experts: We will be pleased to provide the external data protection officer for your organization or to advise and assist your corporate DPO as needed in the individual case.
Our services include:
We assist your organization as an external data protection officer. We will be pleased to provide a customized offer. Your contact partners for any questions relating to DPOs are
The easiest way to reach us is by e-mail (firstname.lastname@example.org) or by phone (+49 69 76 75 77 80).