Our Approach as External Data Protection Officers

Efficient and trustworthy communication is at the heart of our cooperation. We help with data protection-related modifications as well as with the planning of new business processes and operations.

1. Offer

With an individual and detailed offer we ensure transparency.


2. Confirmation

After successful negotiations and the appointment we assume our tasks.


3. Implementation

We start with the implementation of the new data protection concept.


The statutory-compliant written appointment of the data protection officer has been made. Here we go.

Your external data protection officer first carries out a data protection audit. Then staff trainings follow. Service or works agreements are prepared. Your individual data protection handbook is drawn up. The data protection-related knowledge building starts off.

This all is always preceded by an offer. We prepare one for the new client, as soon as we are aware of the individual requirements – the size of the enterprise, the number of employees and other factors specific to each individual case. We make the necessary clarifications by telephone. We will discuss fundamental questions about data protection as well as your individual ideas.

This helps us to get an overview of the future support and advice of your company. As soon as our offer is accepted, we commence with the work.


1. The starting Point

Your future data protection officer first arranges an appointment for a kick-off meeting. Before the deadline you will receive both the certificate with by means of which you formally appoint our data protection officer as well as the contract concluded with the German Association for Data Protection.

During the kick-off meeting, the documents are signed. Together, we are laying the foundations for our cooperation. Now your employees, business partners and customers may contact your external data protection officer.

2. To lay the Foundation

At the beginning the actual state analysis of the client is carried out. This is why we first conduct a data protection audit. This helps us identify vulnerabilities.

Further, we create the public procedure directory, which is one of the cornerstones of your future transparency. In this document we describe which personal data and in which way are processed.

As a result, the data protection officer addresses the obligation of your employees to the data secrecy. We clarify your employees about the legal basis of data protection: the German Association for Data Protection provides you with an online trainings and shows its presence. All external persons involved in the processing of personal data are identified and are obliged to comply with data protection regulations. Afterwards, your commitment will be made visible by means of your new data protection policy.

The structure of the data protection structure is what your employees are doing right from the start. They are integrated into the entire process.

3. Focus on your Enterprise

If the data protection foundation is laid, the external data protection officer of the German Association for Data Protection can go into a deeper examination and build up or expand the documentation.

A review of all data protection-relevant procedures follows. This requires research on internal workflows and processes. Interviews with selected employees are conducted. The inspection of relevant premises (server rooms, etc.) as well as the inspection of documents and contracts takes place. After the analysis of the collected information recommendations and improvement measures are suggested and explained.

Your external data protection officer, together with your employees, elaborates the necessary procedural directories. He assists protection impact assessments that are to be carried out. Ultimately, the creation of a data protection manual follows, which describes both the processes as well as all policies, service instructions and data protection concepts.

4. Constant Improvement

Our goal is the continuous monitoring and support of our clients.

Our focus now is on the constant improvement of data protection at the client, the implementation of annual data protection audits, but also on the monitoring of his contract processors.