Many companies are obliged by the EU GDPR or by national data protection laws, such as the Federal Data Protection Act in Germany or the UK GDPR in the United Kingdom, to designate a Data Protection Officer (DPO).
The obligation applies if the company's economic activities require processing of personal data on a large scale or of personal data that is considered sensitive. Moreover, a company with an establishment in Germany will need to appoint a DPO if it employs at least 20 persons who carry out automated data processing (e.g. by using a computer), or if it carries out data processing that is subject to a so-called data protection impact assessment.
Although an internal solution is possible under the GDPR, outsourcing is more attractive to many companies. An external DPO can save resources:
- a full-time DPO is an expensive employee because of his necessarily high level of expertise,
- above all, the DPO has to be independent, which disqualifies him for many other tasks inside a company,
- external service providers often have vast experience regarding data protection practices and can drive compliance more effectively.
The main task of a DPO is to monitor the company’s compliance with data protection laws. The DPO has to inform and advise the company and its respective employees about their duties related to the processing of personal data. Besides this, the DPO shall be the contact person for
- data subjects regarding all issues related to processing of their data and exercising their rights under the GDPR,
- the data protection supervisory authority for any consultations concerning processing activities of the company.
We are experienced in providing external GDPR DPO services across all industries. DP Dock not only serves customers in the EU but also businesses based in the US, Australia, and Asia, which plan to enter the European markets.
Our services include:
- access to DP Dock's DPO Cockpit, our knowledge database for staff training, templates, news, and general information on EU Data Privacy Laws,
- consulting services to cover your GDPR-related need for advice in day-to-day business as well as to process external inquiries,
- regular audits to verify and document your compliance with the DPO requirements under the EU GDPR.
If a company is obliged to appoint a DPO but fails to do so, this may lead to fines of up to EUR 10,000,000.00 or 2% of the company’s annual group turnover, whichever is higher.
Furthermore, a DPO can prevent the company from incurring even higher fines that can be imposed for violations of particular GDPR provisions.