External data protection officer

Legal requirements for the appointment of a data protection officer

With the entry into force of the General Data Protection Regulation (GDPR), the concept of data protection officers was established at European level. The obligation to appoint a data protection officer now affects companies in Europe depending on their (core) areas of activity or size. In particular, companies that carry out extensive processing of special data or data processing must appoint a company data protection officer.

In Germany, the obligations to appoint a data protection officer for non-public companies were specified in Section 38 of the Federal Data Protection Act (BDSG). It stipulates that a data protection officer must be appointed if, as a rule, at least 20 persons are permanently engaged in the automated processing of personal data.

Section 38 of the BDSG also stipulates that a data protection officer must be appointed if processing is carried out that is subject to a data protection impact assessment (Article 35 of the GDPR) or if personal data is processed on a business basis for the purpose of transmission, anonymized transmission or for the purpose of market or opinion research.

Alternatives to the appointment of a data protection officer

Corporate groups and companies have two options for fulfilling their obligation to appoint a data protection officer: they either appoint an employee as internal data protection officer or appoint an external data protection officer. When making their decision, corporate groups and companies should, on the one hand, ensure that the prospective data protection officer is not subject to any conflict of interest: as an employee of the IT department, the HR department or management, he or she would have to monitor himself or herself.

On the other hand, assuming the responsibility of the data protection officer requires specific expertise in data protection law and IT security, which will make the selection difficult. Thus, the appointment of an external data protection officer is a very good alternative for many groups and companies, since both a conflict of interest and the lack of specialist knowledge can be ruled out.

Tasks of a data protection officer

The tasks of the data protection officer include:

Sanctions

If a group or company intentionally or negligently fails to appoint a company data protection officer, this constitutes an administrative offense punishable by a fine.

An overview of the sanctions imposed by the data protection supervisory authorities can be found here.



Further information


Our data protection case is structured like a toolbox. Use the tools it contains and build your own data protection documentation that meets the legal requirements of the General Data Protection Regulation (GDPR). We advise and support you!

Your website has been hacked or you have been the victim of a data leak? You need to take action within 72 hours!

We will help your company quickly in the most critical situations. Send us all the necessary information by email. We will get back to you immediately.

Every company, regardless of whether it is an SME or a corporate group, must document all processes relevant to data protection. Avoid fines and keep the necessary documents ready at all times!

With DigiBizs Solutions we offer a cost-efficient platform.