External Data Protection Officer

External Data Protection Officer (External DPO)

  • Flexible solutions for small and large companies
  • Individual advice from data protection experts
  • Certified data protection quality

Why your company needs an external data protection officer

An external data protection officer (DPO) acts as a central component of an organization, playing a crucial role in maintaining the confidentiality and integrity of personal data. They are not directly integrated into the company, but act independently to ensure an impartial and objective assessment of the company's data protection practices.

The tasks of the external data protection officer include, in particular, advising management on compliance with data protection regulations and implementing data protection requirements in the company's organizational structures and processes. They monitor the correct application of data protection principles, conduct training to raise awareness of data protection issues, and mediate between the interests of outsiders and the company.

Your ideal data protection solution

External DPO for small businesses

32,50 €/Month

  • For companies with up to 20 employees
  • Includes data protection software
  • Includes online training courses and webinars

External DPO for medium-sized businesses

290 €/Month

  • For companies with up to 50 employees
  • Includes data protection software
  • Includes online training and consulting services

External DPO for medium-sized to large companies

Customized quote

  • For companies with 50 or more employees
  • Consulting from certified GDPR experts
  • Includes data protection management system
 

Benefits of an External Data Protection Officer

The constantly changing and increasingly complex data protection requirements pose a major challenge, especially for small and medium-sized enterprises (SMEs). Without access to specific expertise, it is hardly possible to meet these requirements effectively.

To address these challenges, we offer you the services of an external Data Protection Officer (DPO). This expert role not only fulfills the basic legal requirements but also ensures that your company receives competent advice on all data protection matters. We stand by your side at all times as a reliable partner for any data protection challenges. 

Thanks to our many years of cross-industry experience, we have mastered a wide range of data protection issues. This enables us to offer efficient, practical solutions that help you meet your data protection obligations while staying focused on your core business.

Competent & Independent

We support you based on current legislation and draw on years of experience in corporate data protection. Our consultants serve as an independent and neutral body to safeguard data protection interests in your company (in accordance with statutory requirements).

 

Expertise for Small & Medium-Sized Enterprises

External Data Protection Officers provide targeted expertise in the field of data protection, particularly benefiting smaller and mid-sized companies. This also saves you costly internal resources that you would otherwise have to invest in an in-house DPO.

 

Tailored Data Protection Consulting

As an external service provider, we tailor our consulting services to your company’s specific requirements. You also benefit from our experience gained in other engagements. As external consultants, we act as a neutral body without the typical organizational blind spots.

 

Support in Everyday Operations

 While your external Data Protection Officer supports you in all data protection matters, you can focus on your day-to-day business without disruption.

 


Your Data Protection Experts at IITR

When appointing your external Data Protection Officer through IITR Datenschutz GmbH, you will be supported by qualified data protection consultants. Learn more about our team’s qualifications and areas of expertise:

Dr. Sebastian Kraska

  • Attorney-at-Law specializing in data protection law
  • Advisory board member of the journal “Zeitschrift für Datenschutz (ZD)”

Michael Wehowsky

  • Certified Data Protection Officer (udis)
  • Certified Information Privacy Professional Europe (CIPP/E, IAPP)

Sabine Schmitt-Hennig

  • Attorney-at-Law and Certified Data Protection Auditor
  • Many years of experience in IT and communication technologies

Our expertise in corporate data protection

IITR Datenschutz GmbH offers you a certified data protection management system in accordance with ISO 27701. We are also a member of the DIN association.

Just 4 Steps to Your External Data Protection Officer

Step 1: Inquiry

Depending on the size of your company, you can either request to book our Data Protection Kit directly or schedule a consultation with our staff.

Step 2: Quote

Our data protection experts will prepare a suitable quote tailored to your company.

We also carry out an initial needs assessment so that our offer is optimally aligned with the nature of your organization.

Step 3: Contract

Together with the conclusion of the contract, you will also receive a supporting template confirming that you have appointed your Data Protection Officer through us.

This serves directly as documentation for the supervisory authorities.

Step 4: Ongoing Support

After the contract is concluded, a range of services—such as training, a data protection management system, and consulting from certified data protection experts—will be available to you, depending on the agreement.

We are also happy to support you with a data protection audit at your company.

Important information about the external data protection officer

Who needs an external data protection officer?

Simply put: The EU GDPR with the additional German Federal Data Protection Act (BDSG) requires an internal or external data protection officer to be appointed by every company in Germany with twenty employees or more. In some cases, companies might be required to hire a data protection officer at an earlier point – and regardless of the number of employees – for example, if the company processes data that is more sensitive such as health data.

When does it make sense to hire an external data protection officer?

A data protection officer should be appointed if the company is required to do so by law (usually, if the company employs twenty people or more who have access to personal data). Irrespective of the legal obligation, companies also often appoint data protection officers for other reasons, when they realize they are in need of professional advice in the area of data protection requirements. This is the case, for example, for companies that process sensitive healthcare data or for companies that process data on behalf of their customers.

Under the EU GDPR, what is particularly important for companies?

The EU GDPR states that companies should above all address the following issues:

  1. Creating a privacy policy
  2. Documenting the procedures that process personal data (the so-called “directory of processing activities”)
  3. Contractual relationships with third-party service providers (keyword: “outsourced processing agreement”)
  4. Compliance with the minimum standards in IT security
  5. Educating and training employees

Our Privacy-Kit addresses all of these items and is designed for companies with about 20 employees. Our Compliance-Kit is designed to meet the needs of larger companies.

Who can become a Data Protection Officer and how long does it take to become a Data Protection Officer?

In theory, the training to become a data protection officer usually takes a week, depending on the provider. However, in our experience, the ability to practically apply what was learned requires several years of experience in the field. The International Association of Privacy Professionals (IAPP) offers an ISO-accredited data protection training course.

7 good reasons for an external data protection officer

1. Negative media coverage and loss of customer trust

The Data Protection Officer supports management in implementing internal data protection compliance and thus protects the company from data protection scandals—including the negative press coverage that often accompanies them. As numerous examples have shown, this is particularly relevant for companies whose offerings are aimed at private end customers (consumers).

2. Trouble with the supervisory authority

Competitors, disgruntled employees, or customers repeatedly contact the data protection supervisory authorities. When the authority then makes its first inquiry, you should be able to name your Data Protection Officer.

3. Fines against management and the company

An administrative fine under the GDPR may be imposed if a company fails to appoint a Data Protection Officer in good time. The fine can be imposed both on management itself and on the company.

4. Maintaining ISO certification

If your company undergoes regular ISO certification for quality assurance, it is often checked—when maintaining this certification—whether you have fulfilled your obligation to appoint a Data Protection Officer.

5. The Data Protection Officer must often be named in contracts

When you enter into contracts with partner companies, suppliers, or service providers and transfer personal data in this context, these contracts must also include numerous data protection clauses. These often require naming the Data Protection Officer.

6. An external Data Protection Officer has no special protection against dismissal

If you appoint an internal employee as the Data Protection Officer, that person receives special protection against dismissal. While the GDPR does not provide for this, such protection is laid down in the German Federal Data Protection Act (BDSG). As a result, terminating your Data Protection Officer’s employment relationship is generally impermissible. By contrast, you can terminate an external Data Protection Officer in accordance with the contract and applicable notice periods.

7. Liability in the event of breaches

An internal Data Protection Officer benefits, in their role as an employee, from internal compensation rules for damages. This eases employees’ liability in the event of a breach of duty. Your external Data Protection Officer, on the other hand, is liable to a greater extent—even in cases of simple negligence.



What are the duties of external Data Protection Officers?

In principle, the duties of both internal and external Data Protection Officers lie in ensuring compliance with corporate data protection.

In detail, the role is divided into different areas. An external Data Protection Officer, for example, is consulted in the following scenarios:

  • when introducing IT systems that are critical from a data protection perspective
  • when data is lost due to an attack
  • for training employees involved in data processing
  • as a general point of contact for questions about data protection
  • to help structure data protection topics within the company

External Data Protection Officer: Benefits for your company

Data protection requirements have become increasingly complex in recent years. Smaller and medium-sized companies in particular therefore often rely on external Data Protection Officers.

These are the benefits of an external Data Protection Officer for your company:

  • Ideally serves as an independent and neutral body to safeguard data protection interests in your company (in accordance with statutory requirements).
  • External Data Protection Officers provide targeted expertise in the field of data protection, especially benefiting small and medium-sized enterprises.
  • As an external service provider, we tailor our consulting services to your company’s specific requirements.


What are the costs of external Data Protection Officers?

The costs of external Data Protection Officers depend in particular on the size of your company and the desired level of consulting. A clear cost advantage is the saving on payroll expenses. In return, you have an expert at your side who focuses exclusively on data protection matters within your company. In close consultation with you, we will prepare an individual offer.

For small businesses with up to 20 employees, we offer a solution with our data protection kit, which also includes the appointment of a data protection officer. For a three-year term, the cost is €32.50/month, and for a one-year term, the cost is €49/month. As part of the data protection kit, we provide companies with web-based data protection management software that enables them to address data protection issues in a cost-effective manner. We are also available to provide additional support for individual queries.

We can support medium-sized companies with an internal or external data protection officer with our Compliance Kit 2.0. This is data protection management software based on ISO standards. The software is free of charge for the first six months, after which you pay €30 per month for its use.

For a detailed quote, you can also use our non-binding cost inquiry to quickly and easily determine the costs of an external data protection officer for your company.

Conflict of Interest in Appointing a Data Protection Officer

Appointing a Data Protection Officer entails potential conflicts of interest, particularly when this position is filled internally. This is because the Data Protection Officer is tasked with monitoring compliance with data protection regulations—a responsibility that requires a position free of conflicts of interest.

If a company employee is appointed as the Data Protection Officer, there is a risk that their tasks and responsibilities in other roles within the company may conflict with their duties as Data Protection Officer. For example, an IT manager who also serves as the Data Protection Officer may face a conflict of interest when having to choose between data protection interests and the efficiency of IT operations.

Moreover, an internal Data Protection Officer might hesitate to report data protection violations or take action against the company due to fear of negative professional consequences. Appointing an external Data Protection Officer can therefore help avoid potential conflicts of interest and ensure that compliance with data protection laws is monitored impartially.


Request a Quote Now

After sending this form, we will create a contract offer and send it to you by e-mail. After you have signed and returned it to us, we will send you the invoice. After receipt of payment, we create your access to the online platform and send the folder incl. certificate and accompanying documents.