According to the wish of the European legislator, a data protection officer is to be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices, Article 37 para 5 DS-GMO (valid as of 25 May 2018). In this respect, an internal data protection officer would have to have practical expertise, be an expert in data protection law and maintain his knowledge permanently. If, for example, he or she is lacking the legal knowledge, his or her designation may be inadmissible.
If an enterprise appoints an internal employee as data protection officer, this may also lead to conflicts of interest. An external data protection officer, on the other hand, does not perform any other tasks in your enterprise. Many companies are therefore using external data protection officers.
Some advantages of designation of an external data protection officer: