The photo shows a man in a blue suit with a pink shirt, smiling and crossing his arms in front of his chest.

External Data Protection Officer


With sound expertise and pragmatic solutions, we ensure assist in bringing your data protection compliance up to speed.

Arrange your free consultation appointment:

Book free online consultation

Go to contact form

Seal - iapp Bronze Member

Target group

Which company needs an external data protection officer?

Wave as graphic
Two ladies are sitting in front of a laptop, which is placed on a glass desk, and are discussing.

Duty to appoint

Many companies are required by the GDPR or the German data protection act (BDSG) to appoint a Data Protection Officer (DPO).

The obligation generally exists as soon as company's activity leads to particularly extensive or sensitive processing of personal data. For companies with an establishment in Germany, the obligation also exists if at least 20 persons are tasked with the automated processing of personal data (e.g. via, the use of a computer) or carry out data processing activities that are subject to so-called data protection impact assessments.

01 Expertise and experience

External Data Protection Officers, like our company, possess extensive knowledge in data protection and privacy law, along with years of experience in optimizing processes for data protection compliance.  

We are well-prepared to support you in achieving compliance with the GDPR and the German Federal Data Protection Act (BDSG).

02 Saving resources

The requirements for data protection officers are very high. Appointing an internal data protection officer can be costly for a company, especially considering the necessary training and time requirements. As an external data protection officer, we can help you save resources while ensuring that the company's data protection obligations are met professionally and efficiently.


03 Protection against dismissal and conflicts of interest

Not every employee qualifies as an internal data protection officer: If there are conflicts of interest with the employee's other activities (often the case with senior employees), the internal data protection officer has not been properly appointed. Internal data protection officers also benefit from extensive legal protection against dismissal; appointing the wrong person can backfire, respectively.


04 Protection against fines

Companies that fail to comply with their obligation to appoint a data protection officer risk fines of up to EUR 10,000,000 or 2% of the company's global annual turnover.


Role & tasks of the External Data Protection Officer

Wave as graphic
Icon compliant

Monitoring and consulting

The data protection officer monitors the company's compliance with data protection laws and audits the company regularly and independently. He advises the company and its employees on their obligations under data protection law.

Icon training

Employee training

The data protection officer shall raise awareness of data protection issues within the company. This is often done through training and making employees aware of their obligations under data protection law.

Icon authority

Contact person for data subjects and supervisory authorities

The data protection officer serves as a point of contact for both, employees and management, who have questions about the processing of personal data in the company. In addition, the data protection officer is also often the main contact for supervisory authorities on issues relating to the company's data processing activities.

Icon manager

Support in day-to-day business

The data protection officer assists the company in creating and updating its data protection documentation, for example, the records of processing activities (RoPA), data processing agreements, consent declarations, data protection notices and data protection impact assessments.


Client testimonies about our data protection services

Wave as graphic
The view of the Port of Hamburg from above is breathtaking with the Elbphilharmonie in the background and a beautiful blu
Logo - Redbubble

(Data Protection Officer: DPO)
Redbubble Inc., 111 Sutter Street, 17th Floor, San Francisco, CA 94104, USA

„DP-Dock brings real value to privacy compliance with their professionalism, responsiveness and depth of experience advising global tech companies operating in Europe.”

Logo - Universal Tennis

(Data Protection Officer: DPO)
Universal Tennis, LLC, 525 University Avenue, Palo Alto, CA 94301, USA

„DP-Dock is our designated Art. 27 GDPR representative for many years – more recently they are, in addition, our external DPO: a decision we’ve been happy with. Their understanding of global trends in data privacy is remarkable – including the provision of awareness trainings for our employees across the globe.“

Logo - ottobock

(Data Protection Officer: DPO)
Ottobock SE & Co. KGaA, Max-Näder-Strasse 15, 37115 Duderstadt, Germany

DP-Dock is our external data protection officer. They work with us in a targeted and trustworthy manner in an environment where we have many locations around the world. We are fully satisfied with their service. They are pragmatic, solution-oriented, qualified and fast when needed."


Arrange a free first consultation appointment
with our data protection experts

Wave as graphic
A man in a blue suit and pink shirt holds a smartphone to his ear and smiles. A succulent can be seen in the background on the right.

Ballindamm 39
20095 Hamburg

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Expire in days 72
Privacy policy
Use Use without cookies
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again