A data protection officer is responsible for a practical organization of data protection that complies with the law. Our external data protection officers advise both companies and authorities. We raise awareness at the top level of the organizational structure.
The responsible employees of the respective departments as well as the entire staff of the organization who come into contact with personal data or even have the opportunity to access such in IT environments are trained in the legally compliant handling of personal data.
One of the most important provisions of the General Data Protection Regulation (GDPR) is the mandatory appointment of a data protection officer for authorities and companies that operate in the economic area of the European Union, provided this is provided for by the basic regulation, Union law or the law of the member states.
Companies should now familiarize themselves with the new provisions of the General Data Protection Regulation. Adapting the data processing processes takes time!
With regard to the right data protection officer for your company, there are certain legal regulations that must be observed. We are happy to provide you with an overview of the requirements of our law and an information basis for deciding whether to work with an external or internal data protection officer.
An external data protection officer, like the internal one, must be selected according to the requirements laid down in Art. 37 Para. 5, 39 DS-GVO: Based on these legal regulations, he must already have the professional qualifications and the necessary specialist knowledge required to fulfill the tasks at the time of his appointment have, whereby the level of knowledge required should basically be determined by the scope of the data processing by the person responsible and the need for protection of the personal data processed.
Practical experience gained in advance, technical knowledge, training and further education and proof of special data protection training may be required. Candidates should also be expected to have IT qualifications so that they can understand the sometimes technically complex processes. In addition, he should have (at least a basic) legal understanding in order to be able to understand the large number of regulations that result from the General Data Protection Regulation, the ePrivacy Regulation and national law and to be able to apply the judgments that have been made .