The first step is to determine whether your company needs a data protection officer.
According to Art. 37 (1) of the GDPR, companies are obliged to appoint a data protection officer if they either have a particular risk in the processing of personal data due to their core activity or if at least ten employees constantly process personal data.
A data protection officer can only fulfill his very extensive duties if he has sufficient qualifications, which he must always keep up to date through seminars and further training.
The company must grant the internal data protection officer resources to perform his duties, avoid conflicts of interest due to his position, grant comprehensive insights into internal company processes and structures and grant special protection against dismissal in accordance with §§ 6 (4), 38 (2) BDSG.
Every company must consider whether the position of a data protection officer is to be filled internally by a qualified employee or whether- also in regard to impending fines, possible claims for damages or a presence in the public eye- the task is to assign to an expert who advises the company and creates an individual strategy for implementing the required legal requirements.
As external data protection officers, we consult companies from a wide variety of fields of activity and sizes.
We will be happy to advise you in a personal conversation.