External data protection officer according to GDPR

The General Data Protection Regulation (GDPR) stipulates the appointment of a data protection officer for many companies in the European Union (EU).

For the vast majority of companies, appointing a legally and technically skilled expert as their external data protection officer is recommended. The officer advises management on matters of data protection, trains the employees and regularly inspects the technical and organisational implementation of data protection in the company.

Benefits of the external data protection officer

Of course, the complex duties of the data protection officer can be performed by an employee of a company. However, this employee would have to be released from his actual duties and given extensive training. You should not underestimate the demands placed on such an employee and the associated costs.

Conversely, the benefits of having an external data protection officer are obvious. The most important advantages you’ll have by utilising our experts are summarised for you here:

Data protection expertise

Our lawyers already have the requisite specialised knowledge and many years of professional experience in data protection law.

IT skills

We know how to technically implement the legal requirements most effectively.

Diverse experience

Our experts know data protection solutions for companies of all sizes and industries.

Knowledge of the authorities

We know what data protection authorities emphasise during audits.

Training experience

The lawyers of activeMind AG are trainers at chambers of industry and commerce (IHK) and have comprehensive training experience.

No conflict of interest

Our external data protection officer is unbiased with regard to your executives, your management and your employees.

Automatic continuing education

You do not have to worry about continuing education for the data protection officer – our experts are regularly trained and certified.

Predictable costs

We work at a guaranteed fixed price – with our data protection flat rate, you have planning security.

No termination protection

Internal data protection officers are protected against termination. With an external data protection officer, you can simply end the contract.

Cost of an external data protection officer

As your external data protection officer, the experts of activeMind AG work closely with the employees in your company. The effort involved depends heavily on the division of labour between the data protection officer and the contact people in the company. The following three data protection flat rates are available to you:

Data Protection Basis

  • Compliance with the minimum legal requirements
  • No compliance with additional regulatory standards
  • No active data protection management

Show details

Data Protection Business

  • Compliance with the minimum legal requirements
  • Compliance with additional regulatory standards
  • No active data protection management

Show details

Data Protection Management

  • Compliance with the minimum legal requirements
  • Compliance with additional regulatory standards
  • Active data protection management

Show details

Why you can’t find prices for the external data protection officer on this page

We always calculate our offers individually in order to provide you with professional service at a realistic and fair price.

Even if one assumes that external data protection officers will limit themselves to quickly fulfilling their minimum legal obligations and the rest will be independently implemented by the company, the data protection officer has the following minimum duties according to Art. 39 of the GDPR:

  • Informing and advising the responsible people and employees in the company as well as the data subjects
  • Monitoring compliance with the GDPR and other data protection regulations
  • Monitoring the strategy, including the following questions:
    • How are the responsibilities assigned?
    • What is the level of sensitisation and training of the employees involved in the processing operations?
    • How are the respective inspections carried out?
  • Consultation in connection with the data protection impact assessment and monitoring its implementation
  • Collaboration with the supervisory authority
  • Acting as the contact point for the supervisory authority for processing-related matters, including prior consultation and, if applicable, providing counsel on all other issues.

As a conservative estimate, this will require several hours a month on average. For simplicity, even if only one hour a month were assumed, it turns out that many flat-rate prices do not include the promised individual consultation provided by an ‘expert’. The remaining hourly rates do not adequately compensate actual professionals, who are in fact supposed to consult on a case-by-case basis.

For these reasons, we do not make any price promises that we cannot keep, and we also refrain from dubious ‘bait-and-switch’ offers. With us you receive the consultation you actually need for a specific case, by employees who have both the technical and legal expertise required.

Duties of the external data protection officer

If you appoint an activeMind AG expert as your external data protection officer, he or she will supervise compliance with all data protection requirements in your company. In close cooperation with your management, all relevant processes will be reviewed and, if necessary, optimised. The external data protection officer is also a constant contact person for employees and data subjects.

In accordance with your needs, our external data protection officers also provide additional services, such as assistance with risk analysis or the implementation of data protection impact assessments as well as drafting the records of processing activities. The detailed duties and services of the external data protection officer are listed for you in the following table:

Data Protection Basis Data Protection Business Data Protection Management
Appointment of a data protection officer
Activity reports 1 x annually 2 x annually 2 x annually
Status discussion(s) 1 x annually (Telephone/Skype) 2 x annually on-site 2 x annually on-site
Regular data protection newsletter for the responsible person in the company
Support on any number of inquiries relevant to data protection Per inquiry ≤ 15 minutes Per inquiry ≤ 30 minutes Per inquiry ≤ 60 minutes
Training any number of employees at the corporate headquarters 1 x annually 2 x annually
Access to the online-training portal for a maximum of 10 employees for a maximum of 20 employees for a maximum of 50 employees
Processing directory 5 processings/year 10 processings/year 20 processings/year
Information obligations according to Art. 13, 14 GDPR For 5 processings/year For 10 processings/year For 20 processings/year
Review of the privacy policy and imprint on the website (without a shop) 1 x annually 1 x annually 1 x annually
Draft IT usage guideline
Data protection impact assessment (implementation consultation and monitoring)
Commissioned processing: Contract inspection and review (not on-site) 1 service provider/month 2 service provider/month
Draft retention and deletion policy
Draft emergency policy data breach
Draft data protection policy
Draft authorization allocation guideline
Draft commissioned processing guideline
Draft guideline on data-subjects’ rights
Human resources: diverse templates, fact sheets, checklists
Draft risk analysis guideline
Draft data protection guideline + manual
Data protection process control
Conducting internal audits with reports 1 x annually

Data Protection Basis

  • Appointment of a data protection officer
  • Activity reports (1 x annually)

  • Status discussion(s) (1 x annually per Telephone/Skype)

  • Regular data protection newsletter for the responsible person in the company
  • Support on any number of inquiries relevant to data protection (Per inquiry≤ 15 minutes)

  • Training any number of employees at the corporate headquarters

  • Access to the online-training portal for a maximum of 50 employees
  • Processing directory (5 processings/year)
  • Information obligations according to Art. 13, 14 GDPR (For 5 processings/year)

  • Review of the privacy policy and imprint on the website (without a shop, 1 x annually)
  • Draft IT usage guideline
  • Data protection impact assessment (implementation consultation and monitoring)

  • Commissioned processing: Contract inspection and review (not on-site)
  • Draft retention and deletion policy
  • Draft emergency policy data breach
  • Draft data protection policy
  • Draft authorization allocation guideline
  • Draft commissioned processing guideline
  • Draft guideline on data-subjects’ rights
  • Human resources: diverse templates, fact sheets, checklists
  • Draft risk analysis guideline

  • Draft data protection guideline + manual

  • Data protection process control
  • Conducting internal audits with reports

Data Protection Business

  • Appointment of a data protection officer
  • Activity reports (2 x annually)

  • Status discussion(s) (2 x annually
    on-site)

  • Regular data protection newsletter for the responsible person in the company
  • Support on any number of inquiries relevant to data protection (Per inquiry ≤ 30 minutes)

  • Training any number of employees at the corporate headquarters (1 x annually)

  • Access to the online-training portal for a maximum of 50 employees
  • Processing directory (10 processings/year)

  • Information obligations according to Art. 13, 14 GDPR (For 10 processings/year)

  • Review of the privacy policy and imprint on the website (without a shop, 1 x annually)
  • Draft IT usage guideline
  • Data protection impact assessment (implementation consultation and monitoring)

     

  • Commissioned processing: Contract inspection and review (not on-site, 1 service provider/month)
  • Draft retention and deletion policy
  • Draft emergency policy data breach
  • Draft data protection policy
  • Draft authorization allocation guideline
  • Draft commissioned processing guideline
  • Draft guideline on data-subjects’ rights
  • Human resources: diverse templates, fact sheets, checklists
  • Draft risk analysis guideline

  • Draft data protection guideline + manual

  • Data protection process control
  • Conducting internal audits with reports

Data Protection Management

  • Appointment of a data protection officer
  • Activity reports (2 x annually)

  • Status discussion(s) (2 x annually on-site)

     

  • Regular data protection newsletter for the responsible person in the company
  • Support on any number of inquiries relevant to data protection (per inquiry ≤ 60 minutes)

  • Training any number of employees at the corporate headquarters (2 x annually)

  • Access to the online-training portal for a maximum of 50 employees
  • Processing directory (20 processings/year)

  • Information obligations according to Art. 13, 14 GDPR (For 20 processings/year)

  • Review of the privacy policy and imprint on the website (without a shop, 1 x annually)
  • Draft IT usage guideline
  • Data protection impact assessment (implementation consultation and monitoring)

  • Commissioned processing: Contract inspection and review (not on-site, 2 service providers/month)
  • Draft retention and deletion policy
  • Draft emergency policy data breach
  • Draft data protection policy
  • Draft authorization allocation guideline
  • Draft commissioned processing guideline
  • Draft guideline on data-subjects’ rights
  • Human resources: diverse templates, fact sheets, checklists
  • Draft risk analysis guideline

  • Draft data protection guideline + manual

  • Data protection process control
  • Conducting internal audits with reports (1 x annually)

The appointment of the external data protection officer in 4 easy steps

  • null

    1. Contract

    The contract we draft together with you is based on the individual needs of your company. In this way, your external data protection officer will take care of exactly what you want.

  • null

    2. Kick-off

    Document review by our expert, on-site inspection of relevant corporate IT and interviews with the people responsible for IT, personnel, marketing, sales, and other relevant business units.

  • null

    3. Report

    After this audit, you will receive concise documentation of the current state of data protection in your company. The report contains concrete and prioritised recommended actions with respective levels of maturity.

  • null

    4. Optimisation

    We support you during the implementation of the measures in order to achieve a long-term, convincingly high level of data protection and to constantly improve it.

Free request

    • General questions
    • Your company
    • Your details
    • Your message

    1. General questions

    Please select the desired package for your external data protection officer: *

    How many employees does your company have (at all locations)?

    Does your company have independent locations in or outside of Germany?*

    2. Information about your company

    3. Your personal information

    4. Send us a personal message below.

    Full details of how we handle your data can be found in our privacy policy.

    We ask for your understanding that we can only reply to enquiries that have been completed in full.

    Unfortunately, we cannot make offers for companies with fewer than 10 employees because they usually do not need a data protection officer.

    Satisfied customers of activeMind AG

    Logo Mobilka GmbH
    Schweitzer Fachinformationen
    Logo NEP Germany
    Logo Plan International
    Logo Portal München Betriebs-GmbH & Co. KG
    Logo LivingData
    Logo Stiftung ICP München
    Vorwerk
    Rote Nasen
    Lampe Equity Management
    Komatsu Forest GmbH
    Klinikum Dritter Orden
    Mast-Jägermeister SE
    iPrax Systems
    Gesellschaft für soziale Unternehmensberatung
    First Sensor
    Finanzchef24 GmbH
    Filmpark Babelsberg
    Evalanche der SC-Networks GmbH
    EURAMCO Holding GmbH
    Bio-Rad Inc.
    Auxilius Services
    Arithnea GmbH
    Willy Bogner GmbH & Co. KGaA