Following the introduction of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repeal of Directive 95/46/EC (General Data Protection Regulation) by the European legislator, the level of protection of personal data has increased significantly and external data protection officers, whose main task is to ensure that personal data is processed properly and that the obligations imposed on the controller and processor by the GDPR are fulfilled, have taken on an increasingly important role.
The data protection officer has the task of monitoring and advising on compliance with data protection in the company. In accordance with Article 39 sec.1 of the GDPR, the main tasks of the data protection officer additionally include:
According to § 38 sec. 1 of the Bundesdatenschutzgesetz (German Federal Data Protection Act), the controller and the processor must appoint a data protection officer if they generally employ at least 20 persons permanently with the automated processing of personal data. If the controller or processor carries out processing operations that are subject to a data protection impact assessment in accordance with Article 35 GDPR, or if they process personal data on a commercial basis for the purpose of transmission, anonymised transmission or for the purpose of market or opinion research, they must appoint a data protection officer, regardless of the number of persons involved in the processing.
It should be emphasised that the tasks of the data protection officer can be carried out not only by a hired employee, but also by an external contractor. As the external Data protection officer is not an employee of the company concerned, there is generally no possibility of a conflict of interest. The scope of the services provided by the external Data protection officer is defined in the service contract in each individual case. The main advantage of outsourcing the tasks of the data protection officer is that no additional employee needs to be permanently employed for the tasks of the data protection officer, which is of particular economic importance for smaller companies.
As an external data protection officer in Germany, Grau Rechtsanwälte PartGmbB ensures effective and professional protection of the processing of personal data in your company and enables efficient and lawful data management of your employees, contractual partners and clients.
We support you in connection with the applicable legal provisions and their changes in the area of data protection in Germany at national and European level. In addition, we can help you develop a Data protection policy in Germany.
By appointing Grau Rechtsanwälte PartGmbB as your external data protection officer, you are relieved of the liability that arises when appointing an internal data protection officer in a company. As the main task of the data protection officer is to ensure the lawful processing of personal data in the company, you also minimise the risk of high administrative fines of up to EUR 20.000.000,00 for violations of the GDPR provisions as well as further civil liability.
Grau Rechtsanwälte PartGmbB advises audits and supports companies, also as an external data protection officer, in the area of data protection.
If you have any further questions, please contact our office at +49 (0) 40 180 364 020 or office@graulaw.eu.
Do you have any questions or require our consultation?
Contact us. We will further help you.
© GRAU Rechtsanwälte PartGmbB, 2022 | Legal notice | Privacy Policy
© GRAU Rechtsanwälte PartGmbB, 2022
Legal notice | Privacy Policy
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-advertisement | 1 year | This cookie is set by the GDPR Cookie Consent Plugin and is used to record the user's consent to the "Advertising" category cookies. |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 Monate | Das Cookie wird durch die GDPR-Cookie-Zustimmung gesetzt, um die Zustimmung des Benutzers für die Cookies in der Kategorie "Funktional" aufzuzeichnen. |
cookielawinfo-checkbox-necessary | 11 Monate | Dieses Cookie wird vom GDPR Cookie Consent Plugin gesetzt. Das Cookie wird verwendet, um die Zustimmung des Nutzers für die Cookies der Kategorie "Notwendig" zu speichern. |
cookielawinfo-checkbox-others | 11 months | This cookie is set by the GDPR Cookie Consent Plugin. The cookie is used to save the user's consent for the cookies in the "Other" category. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by the GDPR Cookie Consent Plugin. The cookie is used to store the user's consent for the cookies in the "Performance" category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data. |
wp-wpml_current_language | session | Cookie of the "WPML" plugin that saves the current language of the website. |
Cookie | Duration | Description |
---|---|---|
CookieLawInfoConsent | 1 year | Records the standard button status of the corresponding category and the status of the CCPA. It only works in coordination with the primary cookie. |
elementor | never | This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the content of the website in real time. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | Used to distinguish users. |
_ga_ | 2 years | Used to persist session state. |
_gac_gb_ | 90 days | Contains campaign related information. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. |
_gid | 24 hours | Used to distinguish users. |