external data protection officer

The external data protection officers at DATUREX GmbH are experts in data protection and information security. Our team of IT specialists and lawyers will advise you nationwide with on-site support in data protection.





Hermann-Reichelt-Strasse 3A 01109 Dresden

Opening hours


8 am - 6 pm

Customers of DATUREX GmbH

What is an external data protection officer?

An external data protection officer (DPO) is an independent data protection expert hired by companies to ensure compliance with data protection laws. They take responsibility for advising and monitoring the company's data protection practices, including GDPR compliance.

Why choose DATUREX GmbH as your external data protection officer?

DATUREX GmbH combines in-depth legal knowledge with technical expertise to offer first-class data protection advice. Our team of certified IT specialists and lawyers will ensure that your company meets the strict requirements of the GDPR. With our Data protection solutions you not only save costs, but also benefit from our expertise and flexibility. 

Unique advantages with DATUREX GmbH:

Cost efficiency and technical expertise

The commissioning of a external data protection officer from DATUREX GmbH means access to specialized knowledge without the need to tie up internal resources. Our transparent and predictable cost structures offer your company financial benefits while you can concentrate on your core business.

Individual data protection strategies and training

Every company is unique, which is why we offer customized data protection strategies. By analyzing your specific needs, we develop effective data protection concepts and offer training to promote comprehensive data protection awareness in your company.

Continuous advice for data protection compliance

As your external data protection officer DATUREX GmbH is ready to advise you on all data protection issues. From the initial inventory to the continuous adaptation to new data protection regulations, we accompany you to ensure compliance.

Case studies: Proven successes in data protection

Our Case studies demonstrate how DATUREX GmbH has helped companies in various industries to improve their data protection practices and successfully overcome legal challenges. Be inspired by our success stories and find out how we can help your company too.

Stay future-proof: data protection at DATUREX GmbH

With the services of DATUREX GmbH, your company will remain data protection compliant not only today, but also in the future. We keep you up to date with the latest developments and technologies in data protection so that you are always one step ahead.


A external data protection officer from DATUREX GmbH offers more than just compliance. We offer a partnership that protects your business through expertise, customized solutions and ongoing support. Contact us today to learn how we can help your business be secure and successful.


Who we are

We are Computer scientists and lawyers who are specialized and certified in data protection and information security.

 BSI vice president contradicts Maaßen's conspiracy theories

We have interdisciplinary teams with computer scientists and lawyers.

Individual employees at our company have an extended security clearance ("Ü2") in accordance with § 9 SÜG and are therefore allowed to work in environments that have access to SECRET have classified information.

Due to 20 years of work as a computer scientist and 10 years of experience as an external data protection officer, consulting on technical and organizational measures (according to Art.32 - EU-DSGVO - security of processing) is no problem. Thus, we can offer you a comprehensive overall package.

As external data protection officers, we pursue two goals:

Only with trained staff, secured processes and a secure IT landscape can you avoid expensive breaches of the new regulation (DSGVO).

Through a network of other experts, we can provide the client with optimal advice as an external data protection officer.

We are a member of the central data protection associations and are in regular contact with other experts:

Your benefit
  • Legal certainty in dealing with sensitive data in all sectors
  • Improvements for security in data processing
  • Plannable costs of external data protection officers
  • Relieving the burden on the company organization by appointing an external data protection officer
  • High level of expertise in all data protection issues
  • Safeguarding the rights of the data subjects
  • Neutral advice on all data protection issues
  • Current information on data protection issues
  • Contacts with authorities and professional colleagues

External data protection officer

We are available to you as an external data protection officer and thus cover your legal obligations according to DSGVO.

External information security officer

We are available to you as an external information security officer and thus cover your legal obligations insofar as you are obligated, for example, as a Kritis participant or from other laws such as the IT Security Act. We are also available for certifications in the area of information security such as ISO 27001, TISAX, etc.

Data protection management

Our data protection management offers you a method for systematically planning, organizing, managing and controlling the legal and operational requirements of data protection.

On site with you

We attach great importance to personal proximity to our clients and are always ready for personal on-site appointments.


A variety of online and on-site training options are available to our clients, ensuring ongoing hands-on employee awareness.

The appointment of an external data protection officer in accordance with data protection requirements depends on the following factors

In Germany, you need a data protection officer (internal or external) in accordance with the legal requirements under the following conditions:

  1. Company sizeIf your company regularly employs at least 20 people who deal with the automated processing of personal data, the appointment of a data protection officer is required by law to ensure data protection in your company.
  2. Activities relevant to data protectionRegardless of the number of employees, a data protection officer is required if your company processes particularly sensitive data (e.g. health data) or if the core activity of your company consists of the extensive monitoring of individuals or the extensive processing of special categories of personal data. If you process personal data for business purposes, e.g. for market or opinion research, or if you are constantly entrusted with the processing of data in accordance with Art. 9 GDPR - processing of special categories, you should appoint a data protection officer. company data protection officer as a contact person in the company. Even small and medium-sized companies often need a consultant who can act as a  Data protection officer takes over the duties of the company in accordance with the GDPR and BDSG.
  3. Risk assessmentA data protection officer may also be required if the type of data processing poses a high risk to the rights and freedoms of natural persons, e.g. in the case of extensive profiling activities.
  4. Public bodiesPublic bodies are generally required to appoint a data protection officer.
  5. Voluntary orderCompanies can also voluntarily appoint a data protection officer to strengthen their compliance and minimize risks. In any case, all The company in the European Union are obliged to implement the data protection organization in their company in order to comply with the GDPR in their company, this applies to all small and medium-sized companies as well as many other companies of all sizes in the European Union. Even if there is no obligation, it always makes sense to have a data protection officer in the company and in terms of costs, an external data protection officer is usually the best choice.

Funding for data protection

External data protection is eligible for funding. You can apply for funding for your company from the Federal Office of Economics and Export Control (BAFA). We will be happy to assist you in submitting your application.


What obligations does a company have to fulfill under the GDPR?

The GDPR (General Data Protection Regulation) is a European Union regulation that regulates the Protection of personal data regulates. It applies to all companies, that process the personal data of EU citizens, regardless of the company's registered office.

The most important obligations of companies under the GDPR are

    • Transparency: Companies must provide transparent information to those affected, which personal data they process, what they use this data for and how long they store it.
    • Rights of data subjects: Companies must respect the rights of data subjects to information, rectification, erasure, restriction of processing, objection to processing and portability of your data.
    • Data security: Companies must take technical and organizational measures, to protect personal data from unauthorized access, Loss, destruction or alteration.
    • Obligation to report data protection incidents: Companies must report data protection incidents to the competent supervisory authority without delay.

In addition, companies must:

    • Appoint a data protection officer, if they fulfill certain criteria (e.g. B. if they process sensitive data on a large scale).
    • Maintain processing records, in which they document all processing activities.
    • Implement technical and organizational measures (TOM), to ensure the security of the data.
    • Train employees on data protection law.

Failure to comply with the GDPR may result in high fines be punished.

external data protection officer

The procedure

The new EU General Data Protection Regulation has been in force since 25. 05. 2018.
The appointment of an external data protection officer is unavoidable if at least twenty persons are involved in the processing of personal data. Another criterion is when processing operations are undertaken that are subject to a data protection impact assessment pursuant to Art. 35 DS-GVO or personal data are processed commercially for the purpose of transmission or for the purpose of marketing activities.
As external data protection officers, we provide our clients with neutral advice.
We guarantee a high level of experience, expertise and the necessary competence on the subject of data protection.

Appointment as external data protection officer and DSGVO-compliant consulting

Appoint us as external data protection officer and name us before the state data protection authority. We assume liability up to 1.5 million euros in the event of damage. If you appoint us as your external data protection officer, you avoid high personnel costs and permanent training costs for an employee who cannot be terminated.


The inventory is a complete documentation of all processes in which personal data are processed in the company.

The thorough inventory reveals a large number of processes relevant to data protection.


The analysis of the inventory means that the documented processing activities are checked for data protection compliance.

Each processing activity is linked to a checklist. The questions in the checklists are used to check whether the respective processing activity is carried out in compliance with the law.


After analyzing a processing activity, the result is evaluated to reveal vulnerabilities and risks.


Updating of processing activities that are not data protection compliant. Processes and sub-processes that are not completely data protection compliant must be adapted.


Applicants, employees and customers are informed comprehensively about the processing of their personal data in accordance with data protection law by means of information sheets in accordance with Articles 13 and 14 DSGVO. Furthermore, a data protection manual is made available to employees as an instruction manual with guidelines and directives, as well as emergency plans and further service instructions on data protection. Your employees will also be trained once a year and thus sensitized to the new data protection.

What are the advantages of an external data protection officer?

The appointment of an external data protection officer (DPO) offers companies numerous advantages:

Cost efficiency:

    • Lower costs of an external data protection officer compared to an internal DPO:
        • No personnel costs such as salary, vacation, social security contributions, etc.
        • No costs for training and further education
        • No investment in IT infrastructure and software
    • Transparent costs:
        • Fixed prices in advance
        • No hidden costs
    • Scalability:
        • Efficient adaptation of services to the needs of the company
        • No personnel restrictions such as protection against dismissal
        • Scale the number of data protection contacts without obligation


    • High level of technical expertise:
        • External DPOs are certified data protection experts
        • Constant updating of knowledge through further training
        • Experience from working with various companies
        • Qualified expertise and proof of qualification can be purchased without loss of time
        • Directly available contact person for the management
        • Implementation of even difficult topics such as a data protection impact assessment
        • Compliance with the requirements of the GDPR
    • Comprehensive advice:
        • Support in all data protection issues
        • Support with the implementation of the GDPR and BDSG
        • Development of data protection concepts
        • Data protection impact assessment by experts
        • Increased efficiency through multiple consultants
    • Reliable representation:
        • Safeguarding the interests of the company vis-à-vis authorities and supervisory authorities
        • Easier proof of impartiality than with internal data protection officers

Increased flexibility through service providers:

    • No commitment to an employee who is therefore subject to special protection against dismissal:
        • Termination at short notice possible
        • Possibility to change the DPO if necessary by using external service providers
    • No downtime:
        • Continuous representation by the external DPO
        • Vacation and sickness cover

Further advantages:

    • Objectivity and independence:
        • The external DPO is not involved in the operational processes
        • Avoidance of conflicts of interest
    • Confidentiality:
        • The external DPO is obliged to maintain confidentiality
    • Reputation:
        • Signal effect for customers and business partners
        • Demonstration of compliance with the GDPR and BDSG
        • External data protection officer is liable for his obligations under the GDPR


Hiring an external data protection officer offers companies a number of advantages, particularly in terms of cost efficiency, expertise, flexibility and objectivity.


Services of external data protection officers:

Implementation of the GDPR:

    • Review: Analysis of the current situation and target specifications in data protection
    • Development: Design and implementation of a data protection management system
    • Documentation: Creation of processing directories, Data protection information and declarations
    • Training: Sensitization of employees in handling sensitive data

Continuous support:

    • Monitoring: Compliance with the GDPR and other data protection regulations
    • Update: Adaptation of the data protection management system to new legal requirements
    • Consulting: Support with data protection issues and concerns
    • Representation: Contact person for authorities and supervisory authorities

Additional services:

    • IT security audit: Checking the security of IT systems and processes
    • Suspicious case management: Support in the investigation of data protection incidents
    • External data protection officer: Designation and appointment in accordance with Art. 37 GDPR


    • Legal certainty: Avoidance of warnings and fines
    • Efficiency: Relief of internal resources
    • Competence: Expert advice and support
    • Flexibility: Scalable services as required

External data protection officer Dresden:

    • Certified: TÜV+BSI+IHK
    • Experience: Many years of expertise in data protection
    • Trustworthy: Independent and neutral advice
  • Cost-effective: Transparent and fair prices
Internal vs. external data protection officer: which is the best choice?


Internal data protection officer:

    • Detailed knowledge of company processes
    • Fast and direct communication
    • Cost-effective with high capacity utilization

External data protection officer:

    • Comprehensive expertise and experience
    • Independence and neutrality
    • Flexible adaptation to requirements
    • No internal resources required


Internal data protection officer:

    • Required training and further education
    • Possible conflicts of interest
    • Time required for data protection tasks

External data protection officer:

    • Higher costs
    • Familiarization with company processes
    • Trustworthiness and reliability

Decision criteria:

    • Company size and structure
    • Complexity of data processing
    • Available resources
    • Budget
    • Required expertise


Q: What is an external data protection officer?

A: An external data protection officer is an independent person or company appointed by other companies to monitor and ensure data protection matters in accordance with the GDPR.

Q: What are the advantages of an external data protection officer?

A: An external data protection officer offers companies in various sectors specialized expertise, efficiency and non-binding advice. Costs can also be saved as there is no need to create an internal position.

Q: What costs are associated with an external data protection officer?

A: The cost of an external data protection officer varies depending on the scope of the work, the industry and the size of the company. Smaller companies can benefit from cost-effective package solutions.

Q: Why should a company appoint an external data protection officer?

A: Companies should appoint an external data protection officer to ensure that they meet the requirements of the GDPR and to avoid potential fines. External experts have specific qualifications and market knowledge.

Q: What tasks does an external data protection officer have under the GDPR?

A: An external data protection officer is responsible for ensuring compliance with the General Data Protection Regulation (GDPR) within the company, creating and monitoring data protection guidelines and acting as a point of contact for the supervisory authority.

Q: Is there a difference between the qualifications of an internal and external data protection officer?

A: The qualification of an external data protection officer can often be more efficient due to their broader expertise and industry-specific experience compared to an internal data protection officer.

Q: What added value does an external data protection officer offer small companies?

A: External data protection officers offer small companies the opportunity to access specialist knowledge in a cost-effective way and to take intensive care of data protection in the company without using internal resources.

Data protection officers cannot protect dataAt most, they can check whether data is adequately protected.

-Joachim Gauck

Our eLearning app for smartphones.

Our eLearning app

DATUREX GmbH offers a free app for eLearning on data protection and information security. Everybody is invited to participate in free basic trainings and to get further education. You can find further trainings for the deepening of various data protection topics in our Store.
DSB buchen