External data protection officer according to GDPR
The General Data Protection Regulation (GDPR) stipulates the appointment of a data protection officer for many companies in the European Union (EU).
For the vast majority of companies, appointing a legally and technically skilled expert as their external data protection officer is recommended. The officer advises management on matters of data protection, trains the employees and regularly inspects the technical and organisational implementation of data protection in the company.

Benefits of the external data protection officer
Of course, the complex duties of the data protection officer can be performed by an employee of a company. However, this employee would have to be released from his actual duties and given extensive training. You should not underestimate the demands placed on such an employee and the associated costs.
Conversely, the benefits of having an external data protection officer are obvious. The most important advantages you’ll have by utilising our experts are summarised for you here:
Data protection expertise
IT skills
Diverse experience
Knowledge of the authorities
Training experience
No conflict of interest
Automatic continuing education
Predictable costs
No termination protection
Cost of an external data protection officer
As your external data protection officer, the experts of activeMind AG work closely with the employees in your company. The effort involved depends heavily on the division of labour between the data protection officer and the contact people in the company. The following three data protection flat rates are available to you:
We always calculate our offers individually in order to provide you with professional service at a realistic and fair price.
Even if one assumes that external data protection officers will limit themselves to quickly fulfilling their minimum legal obligations and the rest will be independently implemented by the company, the data protection officer has the following minimum duties according to Art. 39 of the GDPR:
- Informing and advising the responsible people and employees in the company as well as the data subjects
- Monitoring compliance with the GDPR and other data protection regulations
- Monitoring the strategy, including the following questions:
- How are the responsibilities assigned?
- What is the level of sensitisation and training of the employees involved in the processing operations?
- How are the respective inspections carried out?
- Consultation in connection with the data protection impact assessment and monitoring its implementation
- Collaboration with the supervisory authority
- Acting as the contact point for the supervisory authority for processing-related matters, including prior consultation and, if applicable, providing counsel on all other issues.
As a conservative estimate, this will require several hours a month on average. For simplicity, even if only one hour a month were assumed, it turns out that many flat-rate prices do not include the promised individual consultation provided by an ‘expert’. The remaining hourly rates do not adequately compensate actual professionals, who are in fact supposed to consult on a case-by-case basis.
For these reasons, we do not make any price promises that we cannot keep, and we also refrain from dubious ‘bait-and-switch’ offers. With us you receive the consultation you actually need for a specific case, by employees who have both the technical and legal expertise required.
Duties of the external data protection officer
If you appoint an activeMind AG expert as your external data protection officer, he or she will supervise compliance with all data protection requirements in your company. In close cooperation with your management, all relevant processes will be reviewed and, if necessary, optimised. The external data protection officer is also a constant contact person for employees and data subjects.
In accordance with your needs, our external data protection officers also provide additional services, such as assistance with risk analysis or the implementation of data protection impact assessments as well as drafting the records of processing activities. The detailed duties and services of the external data protection officer are listed for you in the following table:
The appointment of the external data protection officer in 4 easy steps
1. Contract
The contract we draft together with you is based on the individual needs of your company. In this way, your external data protection officer will take care of exactly what you want.
2. Kick-off
Document review by our expert, on-site inspection of relevant corporate IT and interviews with the people responsible for IT, personnel, marketing, sales, and other relevant business units.
3. Report
After this audit, you will receive concise documentation of the current state of data protection in your company. The report contains concrete and prioritised recommended actions with respective levels of maturity.
4. Optimisation
We support you during the implementation of the measures in order to achieve a long-term, convincingly high level of data protection and to constantly improve it.
Free request
We ask for your understanding that we can only reply to enquiries that have been completed in full.
Unfortunately, we cannot make offers for companies with fewer than 10 employees because they usually do not need a data protection officer.
Satisfied customers of activeMind AG






























