No company can get around compliance with legal data protection requirements. The European General Data Protection Regulation (GDPR) has created a uniform basis for personal data protection throughout Europe. Companies that fail to comply with these regulations can face severe penalties. At the same time, more and more companies find themselves in need of an internal or external data protection officer.
Personal data includes all information that pertains to persons who are or can be identified. This applies to both customer and employee data. The European General Data Protection Regulation, which came into force on May 25, 2018, regulates the requirements for processing, storing and using this data. GDPR applies globally and must be applied whenever EU citizens’ data are concerned. Personal data within the meaning of GDPR include but are not limited to:
Particularly sensitive data include, for example, health data, ethnic origin, personal, political and ideological positions, sexual orientation, genetic and biometric data, and criminal records.
Companies in which at least twenty persons are regularly involved in the processing of personal data must appoint a data protection officer. This count includes independent contractors and anyone not employed by the company on a regular basis who processes personal data. Companies are furthermore obliged to ensure that their external data processing is compliant with the GDPR and to take appropriate measures.
Companies that process particularly sensitive personal data or are required to conduct a data protection impact assessment must appoint a data protection officer, regardless of the number of employees involved in processing such data.
GDPR implementation in the company
Creating data security concepts and implementation guidelines
Conducting the data protection impact assessment for risk evaluation
Establishing legally compliant data protection documentation
Processing data protection incidents and inquiries from affected persons
Data protection training and consulting for employees and managers
Cooperation with the responsible regulatory body
Companies can decide whether to appoint an internal or an external data protection officer. An external data protection officer is often the better choice. You work together with a proven data protection expert who is up to date on current legal regulations, innovations, new risks and best practices. What’s more, external data protection officers are neutral and not involved in any intracompany conflicts of interest. This means an external partner can quickly and efficiently implement a data protection POA.
The rates for an external data protection officer depend on the volume of work involved. Smaller companies may book this type of service package for a monthly flat rate as low as EUR 190. This avoids training or other ancillary costs. "And they cost a lot less than appointing an internal employee on a part-time basis." The external data protection officer bears liability for data protection errors arising from faulty advice. In the case of an internal data protection officer, however, corporate liability may apply.
We offer expert knowledge in all matters relating to the GDPR and provide GDPR-compliant data protection. As external data protection officers and consultants, we ensure that your company is always on the safe side when it comes to data protection. In addition, we provide you with an extensive database of up-to-date data protection information. For a non-binding consultation appointment, please contact us – we look forward to hearing from you.