Data protection management

external DPO – support internal DPO – data protection international

If you fail to properly appoint a data protection officer for your company or take data protection lightly, you can be fined up to EUR 20,000,000 / EUR 10,000,000 or up to 4% / 2% of the total worldwide annual turnover of the previous business year. Only the legally impeccable appointment of a competent data protection officer protects the management from claims in the event of data protection-related incidents in the event of liability.

All commercial enterprises and public authorities, that process personal data (e.g. the data of their employees, customers and suppliers) are obliged to comply with data protection laws.

You must appoint a data protection officer if ...

you usually employ at least twenty persons on a permanent basis for the automated processing of personal data,

or you carry out processing operations that are subject to a data protection impact assessment,

or you process personal data on a business basis for the purpose of transmission, anonymised transmission or for the purpose of market or opinion research.


Does any of this apply to your company?

The prerequisites for the appointment of a data protection officer are expertise (knowledge of data protection law, data processing technology and business management) and reliability. An employee of the company who is appointed as a data protection officer must be released from 20 % of his or her working time for this activity. The law also excludes certain persons (e.g. managing directors, human resources managers, operations managers, heads of IT, heads of the legal department, etc.) from serving as internal data protection officers due to the risk of a conflict of interests.

Does that leave you with a wide choice of expert staff?

Appointing an external Data Protection Officer serves many purposes:

  • professional expertise,
  • synergies from multiple appointments in other companies,
  • no operational blindness,
  • no extended "protection against dismissal",
  • availability at short notice,
  • focused operating,
  • additional expertise on related spheres,
  • no additional costs, e.g. for further training.

Overall, the costs for an external consultant are so low that this is a good option to comply with the legal requirements (and avoid a high fine!) without much effort.

Let's talk about it!

Our service covers

  • Identification of your status quo and naming your particular risk
  • Design of a risk-adequate data protection management (Documentation, Sensitization, etc.)
  • Creation of a road-map to comply with legal requirements
  • Drafting legal opinions on data protection
  • Support and training of internally appointed Data Protection Officers
  • Staffing the role of an external Data Protection Officer

Due to the increased requirements for documentation obligations in companies, we developed the PATRONFLEX software together with our partner APPSALOT in order to simplify the implementation of the legal requirements.

Especially by means of templates and lists of proposals PATRONFLEX enables the effortless creation and efficient maintenance of the legally required processing overviews, as well as a structured data protection overview of the company (AVV administration, TOM, etc.).

Further information can be found HERE.

Special aspects

Besides executing all standard tasks of data protection, we are familiar with special aspects and peripheral areas of data protection as well. Please see the following shortlist, of top-requested items, as well as content which uses to be outsourced on a regular basis for avoiding the extensive consumption of resources, internal handling requires:

  • General Equality Law (German Federal General Equality Act – “AGG”)
  • Anti-Terror
  • Bring You Own Device (BYOD)
  • Customer Relationship Management (CRM)
  • Social Networks
  • Apps (Checks of applications for data protection compliance)
  • Cloud
  • International aspects of data protection
  • Data protection for Processors (and Joint Controllers)
  • Data protection aspects of products (privacy by design)
  • Legal opinions on products (whether/ how a product complies with data protection)
  • Data protection for the health sector
  • Smart metering
  • E-Learning

A holistic concept

Data protection seems to consume resources without providing measurable benefits in return. As a result, data protection in many companies only has an alibi character. However, our data protection concept, which is primarily oriented towards the self-interest of the company, brings the company added value beyond the purely formal fulfilment of the legal requirements by simultaneously protecting and securing the information that is important for the company.

Contact us

If you are interested or have any questions regarding
our services, please do not hesitate to contact us.
Use our contact form or one of the options given below.