Internal and External Data Protection Officer in direct Comparison

There is no direct difference weather the data protection of an organization is supervised by an internal or external data protection officer. Therefore, different aspects must be taken into account when selecting a right person.

The Comparision

EXTERNAL
INTERNAL
Costs of trainings and educationborn by usborn by the employer
Costs for legal literatureborn by usborn by the employer
Organization of a substitutionborn by usborn by the employer
Protection against dismissalterminable at any time1 year after the removal from the position
LiabilityLiability of third partyLiability of the employer
View of the enterpriseneutral and objectivesubjective influence
Cost transparency and cost securitycontractually fixed pricesunclear through several accumulated positions
Designing of policies, contracts, declarations, etc.part of our everyday worklonger processing times
Interdisciplinary and cross-sector knowledgewe bring alongdifficult, long-term maintenance

Bound or Free of Influences

An employed data protection officer is characterized by a familiarity with internal business processes and the responsible persons, which results in an individual bond with a company.

The external data protection officer, on the other hand, assumes an objective position. It receives an overview of the data protection in the organization independently of all types of influences.

Protection against Dismissal or not?

One main difference lies in the protection against dismissal. A dismissal of the internal data protection officer is not permitted during the time of appointment, § 4f (3) sentence 5 FDPA. After the removal from the office, he or she enjoys a notice period of one year, § 4f (3) sentence 6 FDPA.

The external agent is not subject to special protection.

If the existing Duty to appoint a Data Protection Officer is not fulfilled, a fine may be imposed.