Data protection as a matter of

Data Protection Organisation (DPO)

Trust the external data protection officers from TÜVIT

Put your operational data protection in the hands of our experts: We will provide you with external, certified data protection officers who will support you with the GDPR-compliant data protection organisation in your company. Our data protection experts will help you with all matters relating to operational data protection and monitor compliance with data protection regulations.

For every company size

Whether you are an SME or a large corporation, we offer the right support from external data protection officers for every type of company.

Always an open (data protection) ear

Data protection never goes on holiday. That's why our experts are there to support you all year round.

Concentrated data protection & IT expert

Our experts are not only familiar with data protection, but also with all IT security issues.

What is an external data protection officer (DPO)?

An external data protection officer (DPO for short) is an external service provider who takes care of a company's operational data protection and GDPR-compliant data protection organisation. They monitor compliance with data protection regulations, are the first point of contact for management on data protection issues and train employees on data protection topics.

In contrast to the internal data protection officer, he or she is not an employee of the company.

At a glance

Advantages of an external data protection officer (DPO)

An external data protection officer (DPO) offers companies numerous advantages - from professional independence to clearly calculable costs. The following is a list of key arguments as to why an external expert is a sensible and efficient solution for your data protection requirements.

No conflicts of interest
Decisions & assessments of facts are characterised by the independence of our experts.
Many years of industry-independent data protection expertise
Our experts have extensive expertise in various industries & are constantly undergoing further training.
Assurance of a replacement
If your usual contact person is unavailable, we will provide a replacement.
Concentrated training experience
Our experts use their extensive training experience to sensitise your employees to data protection topics.

Transparent & predictable costs
We offer you a transparent cost structure as well as contractually agreed prices and terms.
IT expertise for technical implementation
In addition to data protection expertise, our EDPSs also have the necessary IT expertise for technical implementation.
Gain trust in the market
By appointing an EDPS, you show the outside world that you are placing your data protection in expert, independent hands.
No costs for training and further education
Your employees can concentrate on their tasks. No training costs, no loss of working hours.

Eine Frau identifiziert sich via Fingerabdruck an ihrem Smartphone.

Duties of the external data protection officer

Our external data protection officers

help you with all questions relating to company data protection,
train and sensitise your employees to data protection issues and
monitor the technical and organisational implementation of the GDPR-compliant data protection organisation in your company.

Unsere Leistungspakete im Überblick (Kopie 1)

Minimal

+ Recommended company size: Small

+ Incl. service expenditure (h/month): 1

+ Appointment of external data protection officer: ✓

+ Data protection training with documentation (h/year): 4

+ Incl. locations / legal entities: 1

+ Ensuring representation in case of holiday & illness: ✓

+ Data protection newsletter (free of charge): -

Small

+ Recommended company size: Small

+ Incl. service costs (h/month): 2

+ Appointment of external data protection officer: ✓

+ Data protection training with documentation (h/year): 4

+ Incl. locations/ legal entities: 1

+ Ensuring representation in case of holiday & illness: ✓

+ Data protection newsletter (free of charge): -

Regular

+ Recommended company size: Small to medium-sized

+ Incl. service costs (h/month): 3

+ Appointment of external data protection officer: ✓

+ Data protection training with documentation (h/year): 4

+ Incl. locations/ legal entities: 1

+ Ensuring representation in case of holiday & illness: ✓

+ Data protection newsletter (free of charge): ✓

Advanced

+ Recommended company size: Medium-sized

+ Incl. service expenditure (h/month): 4

+ Appointment of external data protection officer: ✓

+ Data protection training with documentation (h/year): 8

+ Incl. locations/ legal entities: 1

+ Ensuring representation in case of holiday & illness: ✓

+ Data protection newsletter (free of charge): ✓

Premium

+ Recommended company size: Medium to large

+ Incl. service costs (h/month): from 5

+ Appointment of external data protection officer: ✓

+ Data protection training with documentation (h/year): 8

+ Incl. locations/ legal entities: 1

+ Ensuring representation in case of holiday & illness: ✓

+ Data protection newsletter (free of charge): ✓

We will support you – no matter what

Get started at last!

We advise you

TÜV NORD IT Secure Communication I Berlin

To the consulting services Contact us

Goal achieved?

We check that

TÜV Informationstechnik I Essen

To the test offers Contact us

The facts and figures in comparison

Internal vs. external data protection officer

Choosing the right data protection officer is crucial. An external data protection officer not only offers companies specialised expertise and a neutral position, but also impresses with transparent cost structures and flexible contract design - a clear and often more efficient alternative to an internal data protection officer

A comparison of the key factors for effective data protection

Internal data protection officer

Expertise:

Acquisition of the necessary qualification through time-consuming & cost-intensive training courses

Costs:

In addition to regular remuneration, additional costs (downtime, further training, specialist literature)

Operational familiarisation:

Operating procedures are already known

Position:

Usually less accepted in the company

Protection against dismissal:

Internal data protection officer enjoys special protection against dismissal

External data protection officer

Expertise:

Data protection expert with necessary qualifications

Costs:

Transparent and predictable costs through contractually agreed remuneration

Operational familiarisation:

Familiarisation with operational processes and procedures required (our experts can quickly familiarise themselves with the processes of a wide range of business sectors thanks to their diverse industry experience)

Position:

Neutral position in the company

Protection against dismissal:

Contract can be terminated with notice

Frequently Asked Questions (FAQ)

What you need to know about the DPO

Comprehensive qualifications: An external data protection officer has extensive expertise in the areas of data protection law and data protection practice. In addition, they always keep an eye on the latest legal developments and undergo continuous further training. TÜVIT's experts are TÜV-certified data protection officers and data protection auditors.
Extensive experience: An external data protection officer has usually already carried out many data protection projects and can therefore draw on experience with regard to best practice examples and extensive implementation knowledge.
Transparent & predictable costs: The prices for an external data protection officer are contractually regulated so that companies do not have to reckon with additional costs, such as those that would be incurred for training internal employees.
Neutral position in the company: In practice, internal data protection officers often have a less favourable position within the company. It can happen that colleagues are slow to respond to enquiries or do not respond at all. An external data protection officer, on the other hand, usually assumes a neutral position within the company.
Availability: By hiring an external data protection officer, companies have an expert available at all times - regardless of sick days, holidays or work commitments.
Liability: As an external data protection officer is not employed by the company, limited employee liability does not apply in the event of damage. The liability of the DPO within the agreed amount begins with slight negligence. This means that an external data protection officer offers more security in terms of liability.

The German Federal Data Protection Act (BDSG) and the European General Data Protection Regulation (EU GDPR) stipulate when a company data protection officer must be appointed.

This is the case if

at least 20 people are regularly involved in the automated processing of personal data
they are public authorities or public bodies
the core activity of the company consists of processing operations that require comprehensive, regular and systematic monitoring of individuals
the core activity of the company is the processing of special categories of data (Articles 9 and 10 GDPR), for example data relating to health, sexual orientation or criminal convictions and offences
companies transfer personal data for commercial purposes or process it for commercial market or opinion research purposes
processing is carried out that is subject to a data protection impact assessment

The appointment of an external data protection officer must be made in writing. The appointment document must be signed by both parties and the appointment must be made in a separate agreement, i.e. outside of an existing contract.

Our service of providing an external data protection officer is tailored to every type of company.

Based on best practice experience, we have put together service packages to suit every company. You can find the relevant packages and prices here here.