External Data Protection Officer
Companies that are obliged to appoint a data protection officer have two choices: train an internal employee and appoint him/her as data protection officer, or engage an external data protection officer.

Costs and Efficiency
Aside from the one-time and ongoing costs for education, membership fees and legal literature, new internal data protection officers lack professional experience and a well-organized collection of templates and procedures for the typical documents and policies.

In our experience, part-time data protection officers in particular tend to find that other projects are given higher priority, leaving little to no time for data protection tasks. It is not uncommon for us to meet new clients that have had an internal data protection officer for years but have not implemented even the most basic aspects of an appropriate level of data protection. This is not only due to lack of time. In many cases the internal data protection officer lacks motivation if he/she did not really volunteer for the job. In addition, often enough the data protection officer has retired and no one knows the current status of data protection. Investments already made then have to be made again, at least in part.

Skills and Capabilities
During our initial audits we typically find a multitude of technical errors in the implementation for which the supervisory authorities can impose fines. An external data protection officer has the required skills and professional experience as well as good relationships with the supervisory authorities. Companies need to ask themselves seriously whether an internal employee can build up the required skills in data privacy law and information security with only a 3- or 5-day training course.

An external data protection officer should have access to proven documentation templates for the typical use cases, policies and instruction material. To compensate for peaks in workload, holidays and periods of sickness, the data protection officer should have access to additional manpower.

Dismissal Protection
Internal data protection officers are among the privileged function holders. The appointment of an internal data protection officer can only be revoked upon termination without notice. After the recall, the protection against dismissal with proper notice remains valid for one year. This extended dismissal protection applies regardless of whether the revocation was voluntary or based on termination without notice.

Conflicting Interests
Data protection officers must be free of conflicts of interest with their other duties and functions. Managing directors are excluded from serving as data protection officer. However, many other functions also have conflicts of interest with data protection requirements and are incompatible with the function of data protection officer. These conflicts can be avoided by appointing an external data protection officer.

Our Service Offering
We provide experienced external data protection officers with all the advantages named here. Our services as external data protection officer or as coach for your internal data protection officer:

  • Conducting initial audits to identify your level of data protection: we audit your data processing operations, management of authorizations and access permissions, subcontractor data processing, and technical and organizational controls
  • Administration of registers of processing operations pursuant to § 4e and § 4g paragraph 2 BDSG (Federal Data Protection Act)
  • Conducting prior checks pursuant to § 4d paragraph 5 BDSG (Federal Data Protection Act)
  • Data protection concepts
  • Policies and guidelines for data protection and information security
  • Policies for using Internet and e-mail
  • Requests for information from the supervisory authorities, anonymous for you
  • Data protection manuals and cheat sheets
  • Development and evaluation of technical and organizational controls pursuant to the annex to section 9 BDSG (Federal Data Protection Act)
  • Auditing of external data processors according to section 11 BDSG (Federal Data Protection Act)
  • Data protection training for employees and top management
  • Continuous support: internal audits, reporting, project consulting

Depending on the company size and the type and extent of the processed data, we provide different offerings for our data protection services. We would be glad to prepare a suitable offer for your company.
Certifications of our experts
"Data protection and information security are crucial for every company. Save costs in these challenging areas by an external data protection officer and information security expert. We are pleased to help."


Martin Holzhofer,
Holzhofer Consulting GmbH