The practice and legal basis of the appointment and work of the company data protection officer (DPO) are the subject of this page.
Data protection performance objectives
The data protection objectives according to the standard data protection model of the Conference of Independent Data Protection Officers of the Federal Republic of Germany and the German States are:
- Data minimization
- Non-interconnectivity and
Compliance with the data protection assurance objectives must be documented.
Tasks of the data protection officer
According to Art. 39 DSGVO, the data protection officer has at least the following tasks:
- Informing and advising the controller
- Monitoring compliance with data protection regulations
- Raising awareness and training employees
- Cooperation with the competent supervisory authority and
- Contact point for the supervisory authority
The company must make the necessary resources available to the data protection officer for this purpose.
External or internal DPO?
In many cases, an external data protection officer (DPO) is much more cost-effective because he or she assumes many of the costs that would otherwise have to be borne by the employer of the internal data protection officer and can usually spread them over several clients. Depending on the operational situation, the decision may still be in favor of an internal DPO. In this case, too, we can provide effective support for your data protection officer and help to complete the aforementioned tasks cost-effectively. You can find more information here.
Court rulings and fines
Undoubtedly, data protection is picking up speed significantly since the GDPR came into force. Effective fines in the millions have already been imposed, and supreme court rulings are leading to clarification of complex issues, such as the requirements for informed consent in online services.
The rights of citizens
The fundamental right to informational self-determination has been significantly strengthened with the entry into force of the GDPR. Every citizen has a legal right to information, objection if necessary, correction and deletion, as well as compensation for damages if their rights are not respected.