FAQs.

Regarding the data protection officer and the data protection audit

Who needs a data protection officer?

Certain companies are obliged to appoint a data protection officer, either external or in-house. The General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) require the appointment of a company data protection officer if one of the following conditions is met:

a) As a rule, at least ten persons in the company are permanently engaged in the automated processing of personal data.

b) The core activity of the company consists of carrying out processing operations which, due to their nature, scope and/or purposes, require extensive regular and systematic monitoring of data subjects (this includes, for example, hospitals and pharmacies).

According to which standards is the data protection audit carried out?

We audit your company according to the legal standards of the GDPR and the BDSG (new). From a practical point of view, we are guided by the legal requirements of the audit procedures of the state data protection authorities.

What are the benefits of a data protection audit?

With a data protection audit, you demonstrate to customers, and to the authorities in the event of an official audit, that you comply with and implement the legal provisions and requirements of the GDPR. In this way, you also create trust among potential customers and cooperation partners who want proof of your compliance with the GDPR.

What are the costs of a data protection audit?

The costs depend on the size of the company and the number of branches. We will be happy to provide you with a fixed-price offer within 24 hours.

What are the tasks of a data protection officer?

The specific tasks of the data protection officer are set out in the GDPR and primarily include:

  • Monitoring the legal requirements of the GDPR
  • Overview of processing activities
  • Risk assessment of processing activities
  • Training of employees

How is a data protection officer liable?

The external data protection officer is personally liable for all activities. Because of this high risk, we have developed an insurance concept that covers damages of up to EUR 40 million.

What qualifications must a data protection officer have?

According to Art. 37 (5) GDPR, a data protection officer must meet the following three main criteria:

  • Professional qualification in terms of expertise in the field of data protection law
  • Expertise in the field of data protection practice
  • Ability to perform the tasks mentioned in Art. 39 GDPR (see above)