External Data Protection Officer

We undertake the task of the external data protection commissioner for mid-sized companies from 200 to 10.000 employees from different branches.

At the beginning of the acquisition of the function of the external data protection officer for a company an actual quantity recording will be performed on data protection. The actual recording determines whether the company has an adequate level of data protection, and whether all legal requirements have been implemented regarding the data protection and IT security at a reasonable level based on the European Data Protection Regulation (short “GDPR”). After completion of the recording on data protection, we create an analysis report with recommendations on data protection measures for the controller.

After completion of the actual recording our law office takes further care of the company by visiting the company, usage of our data protection hotline and on-going implementation of the statutory requirements in the company. We also carry the necessary data protection training at the company. Towards the end of the contract year, we create an annual report with recommendations for the following year for the management of the company. For inquiries or inspections of the supervisory authorities, we help companies to prove the fulfillment of statutory obligations and requirements.

The services of the law firm include in particular the assumption of the function of the external data protection officer for companies (associations etc.) will be counted among:

  • Implementation of the actual recording on data protection to assess the level of protection based on the requirements of the GDPR
  • Ongoing support for clients as an external data protection commissioner
  • Data Protection Hotline for inquiries of the company on data protection
  • Producing an annual report and action recommendations for the following year
  • Support of the company in creating the internal process descriptions
  • Support in the preparation of the directory of processing activities for the company
  • Obligation of employees on the data secrecy
  • Inventory of local businesses and meeting current data protection requirements
  • Treatment of information rights of those affected
  • Assessment and treatment of data protection injury
  • Review of contracts with third parties, particularly in the context of a data processing
  • Assessment of data transfers within the EU and in third countries outside the EU