external data protection officer
The external data protection officers at DATUREX GmbH are experts in data protection and information security. Our team of IT specialists and lawyers will advise you nationwide with on-site support in data protection.
Customers of DATUREX GmbH
Who we are
We are computer scientists and lawyers who specialize in data protection and information security and are certified (TÜV+IHK+BSI).
We are certified and tested by:
Our advice is eligible for funding of up to 80%, as we are registered as accredited consultants with the Federal Office of Economics and Export Control (BAFA).
We originally come from software development, the premier league of IT. We have interdisciplinary teams of computer scientists and lawyers.
Individual employees at our company have an extended security clearance ("Ü2") in accordance with § 9 SÜG and are therefore allowed to work in environments that have access to information classified as SECRET.
Due to 20 years of work as a computer scientist and 10 years of experience as an external data protection officer, consulting on technical and organizational measures (according to Art.32 - EU-DSGVO - security of processing) is no problem. Thus, we can offer you a comprehensive overall package.
As external data protection officers, we pursue two goals:
Only with trained staff, secured processes and a secure IT landscape can you avoid expensive breaches of the new regulation (DSGVO).
Through a network of other experts, we can provide the client with optimal advice as an external data protection officer.
We are a member of the central data protection associations and are in regular contact with other experts:
- Legal certainty in dealing with sensitive data in all sectors
- Improvements for security in data processing
- Plannable costs of external data protection officers
- Relieving the burden on the company organization by appointing an external data protection officer
- High level of expertise in all data protection issues
- Safeguarding the rights of the data subjects
- Neutral advice on all data protection issues
- Current information on data protection issues
- Contacts with authorities and professional colleagues
External data protection officer
We are available to you as an external data protection officer and thus cover your legal obligations according to DSGVO.
External information security officer
We are available to you as an external information security officer and thus cover your legal obligations insofar as you are obligated, for example, as a Kritis participant or from other laws such as the IT Security Act. We are also available for certifications in the area of information security such as ISO 27001, TISAX, etc.
Data protection management
Our data protection management offers you a method for systematically planning, organizing, managing and controlling the legal and operational requirements of data protection.
On site with you
We attach great importance to personal proximity to our clients and are always ready for personal on-site appointments.
A variety of online and on-site training options are available to our clients, ensuring ongoing hands-on employee awareness.
The appointment of an external data protection officer in accordance with data protection requirements depends on the following factors:
In Germany, you need a data protection officer (internal or external) in accordance with the legal requirements under the following conditions:
- Company size: If your company regularly employs at least 20 people who deal with the automated processing of personal data, the appointment of a data protection officer is required by law to ensure data protection in your company.
- Activities relevant to data protection: Regardless of the number of employees, a data protection officer is required if your company processes particularly sensitive data (e.g. health data) or if the core activity of your company consists of the extensive monitoring of individuals or the extensive processing of special categories of personal data. If you process personal data for business purposes, e.g. for market or opinion research, or if you are constantly entrusted with the processing of data in accordance with Art. 9 GDPR (processing of special categories), you should appoint a company data protection officer as a contact person in the company. Even small and medium-sized companies often need a consultant who, as data protection officer, takes over the company's duties in accordance with the GDPR and BDSG.
- Risk assessment: A data protection officer may also be required if the type of data processing poses a high risk to the rights and freedoms of natural persons, e.g. in the case of extensive profiling activities.
- Public bodies: Public bodies are generally required to appoint a data protection officer.
- Voluntary appointment: Companies can also voluntarily appoint a data protection officer to strengthen their compliance and minimize risks. In any case, all companies in the European Union are obliged to implement a data protection organization in order to comply with the GDPR; this applies to all small and medium-sized companies as well as many other companies of all sizes in the European Union. Even if there is no obligation, it always makes sense to have a data protection officer in the company, and in terms of costs an external data protection officer is usually the best choice.
Funding for data protection
External data protection is eligible for funding. You can apply for funding for your company from the Federal Office of Economics and Export Control (BAFA). We will be happy to assist you in submitting your application.
What obligations does a company have to fulfill under the GDPR?
The GDPR (General Data Protection Regulation) is a European Union regulation that regulates the protection of personal data. It applies to all companies that process the personal data of EU citizens, regardless of the company's registered office.
The most important obligations of companies under the GDPR are:
- Transparency: Companies must transparently inform data subjects which personal data they process, what they use this data for and how long they store it.
- Rights of data subjects: Companies must respect the rights of data subjects to information, rectification, erasure, restriction of processing, objection to processing and portability of their data.
- Data security: Companies must take technical and organizational measures to protect personal data from unauthorized access, loss, destruction or alteration.
- Obligation to report data protection incidents: Companies must report data protection incidents to the competent supervisory authority without delay.
In addition, companies must:
- Appoint a data protection officer if they fulfill certain criteria (e.g. if they process sensitive data on a large scale).
- Maintain processing records in which they document all processing activities.
- Implement technical and organizational measures (TOM) to ensure the security of the data.
- Train employees on data protection law.
Failure to comply with the GDPR may be punished with high fines.
external data protection officer
The new EU General Data Protection Regulation has been in force since 25 May 2018.
The appointment of an external data protection officer is unavoidable if at least twenty persons are involved in the processing of personal data. Another criterion is when processing operations are undertaken that are subject to a data protection impact assessment pursuant to Art. 35 DS-GVO or personal data are processed commercially for the purpose of transmission or for the purpose of marketing activities.
As external data protection officers, we provide our clients with neutral advice.
We guarantee a high level of experience, expertise and the necessary competence on the subject of data protection.
Appointment as external data protection officer and DSGVO-compliant consulting
Appoint us as external data protection officer and name us before the state data protection authority. We assume liability up to 1.5 million euros in the event of damage. If you appoint us as your external data protection officer, you avoid high personnel costs and permanent training costs for an employee who cannot be terminated.
The inventory is a complete documentation of all processes in which personal data are processed in the company.
The thorough inventory reveals a large number of processes relevant to data protection.
The analysis of the inventory means that the documented processing activities are checked for data protection compliance.
Each processing activity is linked to a checklist. The questions in the checklists are used to check whether the respective processing activity is carried out in compliance with the law.
After analyzing a processing activity, the result is evaluated to reveal vulnerabilities and risks.
Updating of processing activities that are not data protection compliant. Processes and sub-processes that are not completely data protection compliant must be adapted.
Applicants, employees and customers are informed comprehensively about the processing of their personal data in accordance with data protection law by means of information sheets in accordance with Articles 13 and 14 DSGVO. Furthermore, a data protection manual is made available to employees as an instruction manual with guidelines and directives, as well as emergency plans and further service instructions on data protection. Your employees will also be trained once a year and thus sensitized to the new data protection.
What are the advantages of an external data protection officer?
The appointment of an external data protection officer (DPO) offers companies numerous advantages:
- Lower costs of an external data protection officer compared to an internal DPO:
- No personnel costs such as salary, vacation, social security contributions, etc.
- No costs for training and further education
- No investment in IT infrastructure and software
- Transparent costs:
- Fixed prices in advance
- No hidden costs
- Efficient adaptation of services to the needs of the company
- No personnel restrictions such as protection against dismissal
- Scale the number of data protection contacts without obligation
- High level of technical expertise:
- External DPOs are certified data protection experts
- Constant updating of knowledge through further training
- Experience from working with various companies
- Qualified expertise and proof of qualification can be purchased without loss of time
- Directly available contact person for the management
- Implementation of even difficult topics such as a data protection impact assessment
- Compliance with the requirements of the GDPR
- Comprehensive advice:
- Support in all data protection issues
- Support with the implementation of the GDPR and BDSG
- Development of data protection concepts
- Data protection impact assessment by experts
- Increased efficiency through multiple consultants
- Reliable representation:
- Safeguarding the interests of the company vis-à-vis authorities and supervisory authorities
- Easier proof of impartiality than with internal data protection officers
Increased flexibility through service providers:
- No commitment to an employee who is therefore subject to special protection against dismissal:
- Termination at short notice possible
- Possibility to change the DPO if necessary by using external service providers
- No downtime:
- Continuous representation by the external DPO
- Vacation and sickness cover
- Objectivity and independence:
- The external DPO is not involved in the operational processes
- Avoidance of conflicts of interest
- The external DPO is obliged to maintain confidentiality
- Signal effect for customers and business partners
- Demonstration of compliance with the GDPR and BDSG
- External data protection officer is liable for his obligations under the GDPR
Hiring an external data protection officer offers companies a number of advantages, particularly in terms of cost efficiency, expertise, flexibility and objectivity.
Services of external data protection officers:
Implementation of the GDPR:
- Review: Analysis of the current situation and target specifications in data protection
- Development: Design and implementation of a data protection management system
- Documentation: Creation of processing directories, data protection information and declarations
- Training: Sensitization of employees in handling sensitive data
- Monitoring: Compliance with the GDPR and other data protection regulations
- Update: Adaptation of the data protection management system to new legal requirements
- Consulting: Support with data protection issues and concerns
- Representation: Contact person for authorities and supervisory authorities
- IT security audit: Checking the security of IT systems and processes
- Suspicious case management: Support in the investigation of data protection incidents
- External data protection officer: Designation and appointment in accordance with Art. 37 GDPR
- Legal certainty: Avoidance of warnings and fines
- Efficiency: Relief of internal resources
- Competence: Expert advice and support
- Flexibility: Scalable services as required
External data protection officer Dresden:
- Certified: TÜV+BSI+IHK
- Experience: Many years of expertise in data protection
- Trustworthy: Independent and neutral advice
- Cost-effective: Transparent and fair prices
Internal vs. external data protection officer: which is the best choice?
Internal data protection officer:
- Detailed knowledge of company processes
- Fast and direct communication
- Cost-effective with high capacity utilization
External data protection officer:
- Comprehensive expertise and experience
- Independence and neutrality
- Flexible adaptation to requirements
- No internal resources required
Internal data protection officer:
- Required training and further education
- Possible conflicts of interest
- Time required for data protection tasks
External data protection officer:
- Higher costs
- Familiarization with company processes
- Trustworthiness and reliability
- Company size and structure
- Complexity of data processing
- Available resources
- Required expertise
Data protection officers cannot protect data. At most, they can check whether data is adequately protected.
Our eLearning app for smartphones.
Q: What is an external data protection officer?
A: An external data protection officer is an independent person or company appointed by other companies to monitor and ensure data protection matters in accordance with the GDPR.
Q: What are the advantages of an external data protection officer?
A: An external data protection officer offers companies in various sectors specialized expertise, efficiency and non-binding advice. Costs can also be saved as there is no need to create an internal position.
Q: What costs are associated with an external data protection officer?
A: The cost of an external data protection officer varies depending on the scope of the work, the industry and the size of the company. Smaller companies can benefit from cost-effective package solutions.
Q: Why should a company appoint an external data protection officer?
A: Companies should appoint an external data protection officer to ensure that they meet the requirements of the GDPR and to avoid potential fines. External experts have specific qualifications and market knowledge.
Q: What tasks does an external data protection officer have under the GDPR?
A: An external data protection officer is responsible for ensuring compliance with the General Data Protection Regulation (GDPR) within the company, creating and monitoring data protection guidelines and acting as a point of contact for the supervisory authority.
Q: Is there a difference between the qualifications of an internal and external data protection officer?
A: The qualification of an external data protection officer can often be more efficient due to their broader expertise and industry-specific experience compared to an internal data protection officer.
Q: What added value does an external data protection officer offer small companies?
A: External data protection officers offer small companies the opportunity to access specialist knowledge in a cost-effective way and to take intensive care of data protection in the company without using internal resources.