Data Protection Officer

do not have to be permanently employed!

External competence for your company

Corporate data protection is a complex topic and belongs in the hands of a competent person in charge. However, this does not necessarily mean that the staff position of a dedicated data protection officer must be created and staffed within the company. Even if the size of the organisation and the resulting volume of data protection matters suggest an in-house staffing, the external company data protection officer is often the better choice organisationally and economically. Particularly against the background of complex and changing legal situations, for example with regard to the EU General Data Protection Regulation (EU GDPR), a quick transfer of competence is ensured and legal certainty is maintained at all times.

Protect your assets

For many organisations, data is an essential part of their business assets. Whether it’s a customer file or business-related processing of personal data on behalf of others: you don’t have to do without professional data protection, even if staffing a dedicated staff unit may not seem sensible in your operational situation.

We can do a lot for you

Benefit from our expertise and experience. We perform all the tasks of an external data protection officer in accordance with Art. 39 DSGVO and, if necessary, act on behalf of your company vis-à-vis outsiders. We tell you which legal requirements you have to fulfil and continuously accompany you in the development of practice-oriented solutions.

What the expert says

IT security and data protection are mutually dependent and influence each other - a high level of data protection requires secure IT systems. A well-founded initial data protection analysis therefore illuminates technical and organisational circumstances in equal measure against the background of the sometimes rapidly changing legal framework. Finally, the external company data protection officer is always "up to date" with the latest legal framework conditions in data protection. Even far-reaching changes, such as the change to the EU General Data Protection Regulation (EU GDPR), can often be implemented more efficiently with an external DPO than with an internal staff unit.

Your questions - our services

The implementation of data protection in a company is a multifaceted and demanding task. In some cases, it involves very complex legal issues.

As your external data protection officers

  • we check your service providers with regard to their technical and organisational measures. In this way, you reduce the risk of suffering monetary or non-material damage due to the misconduct of your service providers.

  • wetrain and advise individually and on site, tailored to the individual work areas. In this way, we give your employees the necessary tools to handle your data-related company assets with security awareness and care.

  • we regularlyanalyse with you whether your security measures are appropriate to the protection needs of your data.

If you process personal data on your own behalf, we will support you in implementing the data protection requirements of your clients quickly and unbureaucratically.

According to the Federal Data Protection Act, data protection officers must have the necessary expertise and reliability. With regard to the required expertise, legal and organisational knowledge, didactic skills and IT knowledge must be mentioned in particular. The supervisory authorities for the private sector (Düsseldorfer Kreis) have formulated corresponding minimum requirements.

In principle, the data protection officer can be appointed internally (company employee) or externally. An internally appointed person must meet the same requirements as an external data protection officer. In addition to the necessary expertise, it is particularly important that the person may not have a conflict of interest with his or her other activities. Members of the management board, for example, cannot be data protection officers of their company at the same time.

Unlike some other EU countries, Germany relies on a system of self-regulation through company data protection officers. This also includes the obligation to check service providers who process personal data on behalf. As a higher authority, the data protection supervisory authorities have the task of monitoring compliance with data protection laws. They also have the right to impose fines.

Good data protection...

… reduces business risks
Legally compliant data processing is a good basis for business decisions and reduces long-term risks in terms of data loss, bad investments or fines.

… promotes corporate culture
Proper processing of employee data helps to avoid conflicts with employees. Training and counselling on data protection avoid uncertainties regarding data processing powers. This ensures clarity and creates a positive working atmosphere.

… creates value
Companies often underestimate the value of their data. Whether customer files or newsletter recipients: data represents capital. Professional data protection helps to identify and preserve these values.

… strengthens IT security
Sufficient technical and organisational measures must be taken to protect personal data – that is the law. Systematically recording and documenting these measures also strengthens the security of the IT environment and contributes to an efficient working culture.

… has charisma!
Sound data protection contributes to a positive corporate image and creates trust. Customers and business partners know their data is in good hands.

Your contact

Roman Maczkowsky - Datenschutzbeauftragter, Datenschutz-Erstanalyse, Audit ISO27001 und Website Sicherheitsanalyse

Roman Maczkowsky
Phone: +49 30 243423-47

Short vita Roman Maczkowsky

Roman Maczkowsky is a certified team leader for audits according to ISO 27001 native as well as on the basis of IT-Grundschutz, also according to the German Energy Industry Act (EnWG) for energy suppliers and operators of critical infrastructures. He is a proven specialist in operational data protection and was, among other things, an employee of the Independent Centre for Data Protection Schleswig-Holstein (ULD) and the Berlin Commissioner for Data Protection and Freedom of Information. Roman Maczkowsky is a BSI-licensed IS auditor and IS consultant and is active as a lecturer in the training of data protection and IT security officers.

Test us!

We will be happy to make you an individual offer for the appointment of an external company data protection officer once the initial data protection analysis has been completed.

Downloads & Links