Numerous enterprises are legally obliged to appoint a data protection officer. If such legal duty exists, the controller may choose between appointing an external data protection officer and designating an internal employee. The German Association for Data Protection will gladly provide you with the external DPO.

According to Art. 39 (I) of the GDPR, which is effective as of 25 May 2018, the data protection officer has to fulfil least the following tasks:

(a) informing and advising the controller or the processor and the persons carrying out the processing operations regarding their obligations under the General Data Protection Regulation and other data protection regulations of the Union or the Member States;

(b) monitoring compliance with the General Data Protection Regulation, other Union or Member States’ data protection regulations as well as the strategies of the controller or the processor concerning the protection of personal data, including the allocation of responsibilities, awareness and training of the employees involved in the processing operations and the controls related thereto;

c) consulting – upon the request – in connection with the data protection impact assessment and monitoring of its implementation in accordance with Art. 35 GDPR;

(d) cooperation with the supervisory authority;

(e) acting as a point of contact for the supervisory authority in matters relating to the processing, including prior consultation in accordance with Art. 36 GDPR, and, where appropriate, advising on all other matters.

Furthermore, a data protection officer could take over the following matters:

  • Audit of the enterprise data protection

  • Development of internal data protection procedures

  • Concept configuration for processes relevant to data protection

  • Implementation of modification to internal data protection measures

  • Monitoring compliance with data protection guidelines

  • Advising on the introduction or adaptation of relevant processes

  • Responding to requests from shareholders

  • Support in the area of public relations (data protection)

  • Audit and monitoring of the processors

More about Our Data Protection Officers?