The external Data Protection Officers of Cortina Consult GmbH

We support you in the implementation of the GDPR - remote or on site


Data Protection Officer for your company

What is a Data Protection Officer?

A data protection officer is appointed to monitor compliance with the General Data Protection Regulation. He or she acts as a contact person for all data protection issues in companies, organizations and associations.

As a consulting service provider and external data protection officer, we ensure compliance and control of data protection in the collection, storage and processing of personal data in your company.

To integrate a suitable data protection management system and develop a suitable data protection strategy, we analyze the current status of data protection in your company in the form of a data protection audit.

In a non-binding discussion, the most important questions are clarified. The available resources are discussed and the time period is determined.


Contact us.

We are happy to advise you

+49 251 95 20 37 - 40


Your contact person

Jörg ter Beek
+49 251 95 20 37 - 40

Your Data Protection Officer

Jörg ter Beek

As a TÜV-certified external data protection officer, he can answer your questions on the requirements of the GDPR, including these topics:

  • Audit & Concept Review
  • Data protection training
  • Website Check (Consent Management and Privacy Policy)

For more information on Jörg ter Beek, visit his XING or LinkedIn profile.

Who needs an external Data Protection Officer?

The answer to this question can be found by taking a look at the law. The German Federal Data Protection Act (BDSG) defines when an (external) data protection officer is required.

§4f para.1 sentence 3 BDSG: If a company employs at least twenty employees who process personal data automatically, a data protection officer is required. It does not matter whether these are freelancers, permanent employees or trainees. As soon as this work is carried out in digital form on a computer, automated processing of the data is to be assumed.

§4f para.1 sentence 5 BDSG: An external data protection officer must be appointed if the company transmits, collects or processes personal data on a businesslike basis. The number of employees is irrelevant here. These are, for example, market research companies or address publishers.

§4f para.1 sentence 5 BDSG: If the company processes particularly sensitive data, the obligation to appoint a data protection officer exists regardless of the number of employees.

This includes, among other things:

  • Marketing and Newsletters: Are you unsure whether the use of the available prospect and customer data is also in compliance with data protection?
  • Company Website (web stores and blogs): Is the setting of cookies without prior consent of the user actually allowed?
  • Video surveillance: You want to equip the company premises and your offices with cameras. Is this GDPR-compliant?
  • Dropbox (and other cloud storage): Your employees exchange data via cloud services. Are there (clear) rules in the company on how to handle the processing of personal data for this?

Important Note: Get an assessment from one of our external data protection officers and benefit from individual advice.



Internal vs. External

The difference between the internal and external Data Protection Officer

Regardless of whether they are a small startup or a large, established company, companies want to avoid fines and should therefore - whether mandatory or not - always keep an eye on the constant changes in the legal situation and have data protection measures regularly reviewed by an internal or external data protection officer.

The requirements for the data protection officer are extensive. The DPO therefore needs resources (primarily time) to set up a DPA-compliant data protection concept in the company.

Companies are often faced with the question of whether an internal or external data protection officer makes more sense for them. We would like to make it clear to you why we are convinced that an external data protection officer is the better choice in every case.


| Internal DPO | External DPO |
| --- | --- |
| ✔ No extra labor costs: An internal DPO can also perform other tasks for the company. | ✔ Transparent and plannable costs: Flat-rate packages offer cost transparency. Outsourcing the work saves time internally. |
| ✔ Trust of the employees: Confidence in the quality of the service does not have to be won first. | ✔ Expertise & many years of experience: Trust is created through quality. The many years of experience of our data protection officers (DSB) and DSK create efficient processes. |
| Danger of operational blindness: Internal employees are often deep in the corporate structures and have difficulty looking at them objectively. | ✔ Objective external perspective: An objective point of view and personal distance to employees are advantageous for finding & implementing measures. |
| Liability risk for the company: The company is liable for the actions of its own employees. In the event of a data protection incident or breach, this can be very expensive. | ✔ No risk for the company: By implementing the GDPR with the help of an external expert, you are on the safe side and protect yourself from high fines. |
| Protection against dismissal: Internal employees are subject to protection against dismissal. | ✔ Variable contract term: The contract with an external data protection officer may be terminated at any time at the agreed notice period. |
| Additional costs: Acquiring qualifications for a data protection officer entails costs for the company. | ✔ No training costs: The DPO shall bear all costs for its training and continuing education. |
| | ✔ IT security included: Some data protection consultants are also qualified as IT security officers and can cover this area at the same time. |

An external DPO is always a good choice...

It is generally advisable to outsource data protection to an external data protection officer who is familiar with the specific challenges faced by companies in a wide range of industries. His key advantages are an objective view of business processes and, as a result, a cost-efficient implementation of the General Data Protection Regulation (GDPR) without conflicts of interest.

Keyword: costs - Of course, this decision is also a cost issue for companies, because everyone wants a low-cost data protection officer. But here, too, the external data protection officer comes off better in comparison, since he not only bears his own training and continuing education costs, but can also be deployed as needed.

Prices & Packages

How much does an external Data Protection Officer cost?

Discover our service packages for small, medium or complex data protection requirements and order your external data protection officer at a fixed price.

Our certified specialists have proven knowledge and years of experience in data protection. We also take over the information duties so that you can concentrate on your daily business. With the help of Cortina Consult and our Data Protection Generator GDPR you can make your company, your business or your group GDPR compliant. With our support, you can protect your company from fines or sanctions by the authorities.

For small & medium enterprises, B2B

175€ /Month

  • We provide your DPO
  • Initial analysis (document analysis)
  • Digital privacy manual (web-based platform)
  • Onboarding, coaching & progress review included.
  • Employee training (eLearning up to 25 employees)
  • Privacy hub: SMALL Package
  • Cookie banner (check & consulting), subsequent monitoring / reporting
  • Privacy policy for websites (1x CLOUD DSE), incl. protection against warning costs
  • Communication via TEAMS, phone & e-mail
  • Project management via service desk & ticket system
  • Support Hotline (IT, Legal, Web)
  • No travel expenses, flexible scheduling
  • Update Service & Newsletter
  • Personal contact

Perfect for e-commerce, logistics, IT & B2C

275€ /Month

  • We provide your DPO, incl. subsidiaries
  • Inventory (audit & document analysis)
  • Digital data protection manual (web-based platform) with 3 access points
  • Onboarding, coaching & progress review included.
  • Employee training (eLearning up to 75 employees)
  • Privacy Hub: MEDIUM Package
  • Cookie banner (check & consulting), subsequent monitoring / reporting
  • Privacy policy for websites (3x CLOUD DSE), incl. warning cost protection
  • Social Media Privacy Policy (e.g. Xing, FB, IG)
  • Communication via TEAMS, phone & e-mail
  • Project management via service desk & ticket system
  • Instant support (IT, Legal, Web)
  • Controlling: We keep an eye on your projects
  • No travel expenses, flexible scheduling
  • Update Service & Newsletter
  • Data protection seal
  • Personal contact

Perfect for companies with more complex requirements & B2C

Upon request

  • We provide your DPO, incl. subsidiaries, groups etc.
  • Inventory (audit & document analysis)
  • Digital data protection manual (web-based platform) with any number of accesses
  • Employee training (onsite, individual webinars, eLearning).
  • Privacy Hub: ENTERPRISE Package
  • Cookie Banner (implementation, configuration), subsequent monitoring / reporting
  • Privacy policy website (CLOUD DSE), incl. protection against warning costs
  • Social Media Privacy Policy (e.g. Xing, FB, IG)
  • Communication via TEAMS, phone & e-mail
  • Project management via service desk & ticket system
  • Instant support (IT, Legal, Web)
  • Onboarding, coaching & progress review including communication.
  • Data protection seal
  • Update service & newsletter (company-specific)
  • Personal contact & project manager
  • Individual package: scope according to contract


Tasks of a Data Protection Officer?

A so-called data protection officer is responsible for ensuring compliance with data protection in all areas of a company. These areas are all those that deal with personal data, especially in relation to natural persons, and accordingly must be handled with particular care. Specifications for these tasks come from the Federal Data Protection Act (FDPA) as well as the General Data Protection Regulation (GDPR).

In principle, it is possible to create an internal position and hire or train a data protection officer yourself. For this, however, the person must have the appropriate expertise. In addition, justification for filling the position must always be provided to the data protection authority, which is why the DPO must present a certain certificate that qualifies him or her for this position.

Our Services for your Company


Position of the Data Protection Officer

Contact for authorities

We provide your DPO and are available as a contact for data protection issues as well as for communication with data protection authorities.



Technical and organizational Measures

We examine the technical and organizational measures in the company and support their optimization.


Data protection Audit and Concept

Data protection status analysis

We analyze the data protection status in the company and create a roadmap with measures for compliance with data protection requirements. The data protection manual supports implementation.


Documents and Templates

PC, PD and more

We provide templates for all necessary documents and assist with the creation of order processing contracts, processing directories and more.


Data protection Training

for employees

We give on-site or online seminars for employees to ensure the level of data protection in the company. 



Privacy Policy

The company website will be adapted to the requirements of the GDPR by means of a privacy policy and a cookie banner, as well as other measures if necessary.


Frequently asked questions about the DPO

What qualifications does a DPO need?

Companies can benefit from the work of an external data protection expert if he or she has in-depth knowledge of the European General Data Protection Regulation (GDPR) as well as national data protection law, which forms the basis of the consultation.

In addition, an external data protection officer should have several years of experience from various industries. This is the only way to be prepared for all eventualities and to know the structures and risks of small and large companies.

In addition to some soft skills such as communication and organizational skills, knowledge and qualifications (ISO) in the IT area are also required to guarantee information security in the company.

What support does the external data protection officer need in the company?

The GDPR gives the data protection officer an important organizational position in the company. The responsible body (vulgo: the management) is threatened with fines if the data protection officer cannot implement his or her tasks in accordance with the legal requirements.

The support of the data protection officer is to be sought in the following points:

  • education and training of the data protection officer;
  • time to perform duties;
  • the data protection officer enjoys freedom from instructions in the performance of his duties;
  • he or she is subject to a duty of confidentiality;
  • his or her contact data must be published;
  • he or she receives extended protection against dismissal.

How does the onboarding of the external DPO work?

1. Contract:

The contract design is based on the individual needs in your company. The external DPO then takes care of your exact wishes.

2. Audit:

The data protection officer reviews and analyzes the current status of data protection in your company to identify the need for optimization and to plan and monitor the next steps.


3. Report:

You receive a report (GAP report) on the results of the audit and the level of data protection in your company, as well as a risk assessment.

4. Optimization:

The data protection officer derives recommendations for action based on the weaknesses and security gaps and accompanies you with the help of an effective DSMS in the implementation of measures to permanently achieve a high level of data protection.

What is the risk of not appointing a data protection officer?

The GDPR obliges companies to appoint a DPO under certain circumstances. Failure to appoint a DPO constitutes a violation of the EU GDPR (Art. 37). Therefore, high fines of up to 10 million euros or 2 percent of the previous year's turnover can be the consequence.


Do you still have questions about the topic or about data protection in general?

We are happy to help you:


Your data protection officer

Jörg ter Beek
Data protection expert