The external Data Protection Officers of Cortina Consult GmbH
We support you in the implementation of the GDPR - remote or on site
Data Protection Officer for your company
What is a Data Protection Officer?
A data protection officer is appointed to monitor compliance with the General Data Protection Regulation. He or she acts as a contact person for all data protection issues in companies, organizations and associations.
As a consulting service provider and external data protection officer, we ensure compliance and control of data protection in the collection, storage and processing of personal data in your company.
To integrate a suitable data protection management system and develop a suitable data protection strategy, we analyze the current status of data protection in your company in the form of a data protection audit.
In a non-binding discussion, the most important questions are clarified. The available resources are discussed and the time period is determined.
Your Data Protection Officer
Jörg ter Beek
As a TÜV-certified external data protection officer, he can answer your questions on the requirements of the GDPR, including these topics:
- Audit & Concept Review
- Data protection training
Who needs an external Data Protection Officer?
The answer to this question can be found by taking a look at the law. The German Federal Data Protection Act (BDSG) defines when an (external) data protection officer is required.
§4f para.1 sentence 3 BDSG: If a company employs at least twenty employees who process personal data automatically. It does not matter here whether these are freelancers, permanent employees or trainees. As soon as this work is carried out in digital form on a computer, automated processing of the data is to be assumed.
§4f para.1 sentence 5 BDSG: An external data protection officer must be appointed if the company transmits, collects or processes personal data on a businesslike basis. The number of employees is irrelevant here.
These are, for example, market research companies or address publishers.
Section 4f (1) sentence 5 BDSG: If the company processes particularly sensitive data. Here, the obligation to appoint a data protection officer exists regardless of the number of employees.
This includes, among other things:
- Marketing and Newsletters: Are you unsure whether the use of the available prospect and customer data is also in compliance with data protection?
- Company Website (web stores and blogs): Is the setting of cookies without prior consent of the user actually allowed?
- Video surveillance: You want to equip the company premises and your offices with cameras. Is this GDPR-compliant?
- Dropbox (and other cloud storage): Your employees exchange data via cloud services. Are there (clear) rules in the company on how to handle the processing of personal data for this?
Important Note: Get an assessment from one of our external data protection officers and benefit from individual advice.
Internal vs. External
The difference between the internal and external Data Protection Officer
Regardless of whether they are a small startup or a large, established company, companies want to avoid fines and should therefore - whether mandatory or not - always keep an eye on the constant changes in the legal situation and have data protection measures regularly reviewed by an internal or external data protection officer.
The requirements for the data protection officer are extensive. The DPO therefore needs resources (primarily time) to set up a DPA-compliant data protection concept in the company.
Companies are often faced with the question of whether an internal or external data protection officer makes more sense for them. We would like to make it clear to you why we are convinced that an external data protection officer is the better choice in every case.
|Internal DPO|External DPO|
|---|---|
|✔ No extra labor costs: An internal DPO can also perform other tasks for the company.|✔ Transparent and plannable costs: Flat-rate packages offer cost transparency. Outsourcing the work saves time internally.|
|✔ Trust of the employees: Confidence in the quality of the service does not have to be won first.|✔ Expertise & many years of experience: Trust is created through quality. The many years of experience of our DPOs and DSK creates efficient processes.|
|Danger of operational blindness: Internal employees are often deep in the corporate structures and have difficulty looking at them objectively.|✔ Objective external perspective: An objective point of view and personal distance to employees are advantageous for finding & implementing measures.|
|Liability risk for the company: The company is liable for the actions of its own employees. In the event of a data protection incident or breach, this can be very expensive.|✔ No risk for the company: By implementing the GDPR with the help of an external expert, you are on the safe side and protect yourself from high fines.|
|Protection against dismissal: Internal employees are subject to protection against dismissal.|✔ Variable contract term: The contract with an external data protection officer may be terminated at any time at the agreed notice period.|
|Acquiring qualifications for a data protection officer entails costs for the company.|✔ No training costs: The DPO shall bear all costs for its training and continuing education.|
| |✔ IT security included: Some data protection consultants are also qualified as IT security officers and can cover this area at the same time.|
An external DPO is always a good choice...
It is generally advisable to outsource data protection to an external data protection officer who is familiar with the specific challenges faced by companies in a wide range of industries. The key advantages are an objective view of business processes and, as a result, a cost-efficient implementation of the General Data Protection Regulation (GDPR) without conflicts of interest.
Keyword: costs - Of course, this decision is also a cost issue for companies, because everyone wants a low-cost data protection officer. But here, too, the external data protection officer comes off better in comparison, since he not only bears his own training and continuing education costs, but can also be deployed as needed.
Prices & Packages
How much does an external Data Protection Officer cost?
Discover our service packages for small, medium or complex data protection requirements and order your external data protection officer at a fixed price.
Our certified specialists have proven knowledge and years of experience in data protection. We also take over the information duties so that you can concentrate on your daily business. With the help of Cortina Consult and our Data Protection Generator GDPR you can make your company, your business or your group GDPR compliant, so that with our support you can protect your company from fines or sanctions by the authorities.
Tasks of a Data Protection Officer
A so-called data protection officer is responsible for ensuring compliance with data protection in all areas of a company. These areas are all those that deal with personal data, especially in relation to natural persons, and accordingly must be handled with particular care. Specifications for these tasks come from the Federal Data Protection Act (FDPA) as well as the General Data Protection Regulation (GDPR).
In principle, it is possible to create an internal position and hire or train a data protection officer yourself. For this, however, the person must have the appropriate expertise. In addition, justification for filling the position must always be provided to the data protection authority, which is why the DPO must present a certain certificate that qualifies him or her for this position.
Our Services for your Company
Position of the Data Protection Officer
Contact for authorities
We provide your DPO and are available as a contact for data protection issues as well as for communication with data protection authorities.
Technical and organizational Measures
We examine the technical and organizational measures in the company and support their optimization.
Data protection Audit and Concept
Data protection status analysis
We analyze the data protection status in the company and create a roadmap with measures for compliance with data protection requirements. The data protection manual supports implementation.
Documents and Templates
PC, PD and more
We provide templates for all necessary documents and assist with the creation of order processing contracts, processing directories and more.
Data protection Training
We give on-site or online seminars for employees to ensure the level of data protection in the company.
Frequently asked questions about the DPO
Companies can benefit from the work of an external data protection expert if he or she has in-depth knowledge of the European General Data Protection Regulation (GDPR) as well as national data protection law, which forms the basis of the consultation.
In addition, an external data protection officer should have several years of experience from various industries. This is the only way to be prepared for all eventualities and to know the structures and risks of small and large companies.
In addition to some soft skills such as communication and organizational skills, knowledge and qualifications (ISO) in the IT area are also required to guarantee information security in the company.
The GDPR gives the data protection officer an important organizational position in the company. The responsible body (vulgo: the management) is threatened with fines if the data protection officer cannot implement his or her tasks in accordance with the legal requirements.
The support of the data protection officer is to be sought in the following points:
- Education and training of the data protection officer;
- time to perform duties;
- the data protection officer enjoys freedom from instructions in the performance of his duties;
- he or she is subject to a duty of confidentiality;
- his or her contact data must be published;
- he or she receives extended protection against dismissal.
The contract design is based on the individual needs in your company. The external DPO then takes care of your exact wishes.
The data protection officer reviews and analyzes the current status of data protection in your company to identify the need for optimization and to plan and monitor the next steps.
Appointment of an external data protection officer
You receive a report (GAP report) on the results of the audit and the level of data protection in your company, as well as a risk assessment.
The data protection officer derives recommendations for action based on the weaknesses and security gaps and accompanies you with the help of an effective DSMS in the implementation of measures to permanently achieve a high level of data protection.
The GDPR obliges companies to appoint a DPO under certain circumstances. Failure to appoint a DPO constitutes a violation of the EU GDPR (Art. 37). Therefore, high fines of up to 10 million euros or 2 percent of the previous year's turnover can be the consequence.
Do you still have questions about the topic or about data protection in general?
We are happy to help you:
Your data protection officer
Jörg ter Beek
Data protection expert