Many companies carrying out data processing on a large scale or which involves sensitive personal data need to appoint a Data Protection Officer (DPO) under the GDPR. For companies with establishments in Germany, the requirement already applies if they employ at least 20 employees. Learn about the advantages of an external solution.
The GDPR has a very broad scope of application: companies doing business within the EU will often be subject to the GDPR, even if they have no establishments in the EU. Most of such non-EU businesses are required to appoint an EU GDPR representative who acts as a local point of contact for data subjects and supervisory authorities.
The EU GDPR ceases to apply in the United Kingdom as of January 1, 2021. Many companies doing business with the UK will then be required to appoint a data protection representative under the new UK GDPR who acts as a local point of contact for data subjects and supervisory authorities.