External data protection officer

Numerous companies have appointed employees of ePrivacy GmbH as external data protection officers.

What is a data protection officer?

A data protection officer is appointed by a company to ensure its compliance with the provisions of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and other relevant legislation. His or her responsibilities include monitoring the proper use of information technology and providing information and training to the company's employees. He or she is not obligated to follow instructions issued by others in carrying out his or her tasks. 

Under certain conditions, a company will be required to appoint a data protection officer where, for example:

  • Personal data is processed on an automated basis,
  • More than nine individuals are involved in the processing of this data,
  • The a presumption is favor of the existence of certain risks,
  • Procedures are used which are subject to so-called "prior vetting",
  • Personal data is disseminated to third parties, or
  • Data is collected on a fully automated basis.

Should a company be subject to an obligation to appoint a data protection officer, it must do so within no more than a month of the commencement of its operations; should it fail to do so, it will be guilty of having committed an administrative offense. 

A data protection officer may be appointed from among the company's employees, or the company may appoint an "external data protection officer".

Under what circumstances will the appointment of an external data protection officer from ePrivacy GmbH be advantageous to your company?

  • You have a digital business model in place and are in need of an expert on data protection who is always up-to-date with regard to current case law and is familiar with the sector in which you operate.
  • The size of your company does not permit you to appoint a full-time data protection officer, although this would actually be necessary in light of the significance of data protection considerations for your business model.
  • The data protection officer should preferably not be an employee of your company in the interests of avoiding potential conflicts of interest, rather should bring an independent, external perspective to the table.
  • You require continuous assistance from a data protection officer who is well versed in both technical and legal matters for the further development of your products.
  • You place particular value on legal certainty.

Services provided by external data protection officers from ePrivacy

We would be happy to provide an external data protection officer for your purposes, particularly where your operations relate to the digital media field or involve transactions with a focus on the exchange of digital data (eCommerce, eHealth, eCall, etc.). 

As your external data protection officer, we handle the following on your behalf:

  • Actual status analyses
  • Assistance in the drafting of index of procedures and privacy notice
  • Safeguarding of rights of affected parties
  • Provision of information and training to employees
  • Resolving issues regarding data protection laws
  • Provision of assistance in the context of product modifications in light of data issues
  • Contact persons for customers, employees and product developers
  • Contact persons for data protection agencies
  • Carrying out of data privacy impact assessment
  • Preparation of an annual data protection report for your company

Please feel free to contact us – we will be happy to advise you!

Do you have questions or recommendations for us?

We are glad to receive your comments.