If you fail to properly appoint a data protection officer for your company or take data protection lightly, you can be fined up to EUR 20,000,000 / EUR 10,000,000 or up to 4% / 2% of the total worldwide annual turnover of the previous business year. Only the legally impeccable appointment of a competent data protection officer protects the management from claims in the event of data protection-related incidents in the event of liability.
All commercial enterprises and public authorities, that process personal data (e.g. the data of their employees, customers and suppliers) are obliged to comply with data protection laws.
You must appoint a data protection officer if ...
you usually employ at least twenty persons on a permanent basis for the automated processing of personal data,
or you carry out processing operations that are subject to a data protection impact assessment,
or you process personal data on a business basis for the purpose of transmission, anonymised transmission or for the purpose of market or opinion research.
Does any of this apply to your company?
The prerequisites for the appointment of a data protection officer are expertise (knowledge of data protection law, data processing technology and business management) and reliability. An employee of the company who is appointed as a data protection officer must be released from 20 % of his or her working time for this activity. The law also excludes certain persons (e.g. managing directors, human resources managers, operations managers, heads of IT, heads of the legal department, etc.) from serving as internal data protection officers due to the risk of a conflict of interests.
Does that leave you with a wide choice of expert staff?
Appointing an external Data Protection Officer serves many purposes:
Overall, the costs for an external consultant are so low that this is a good option to comply with the legal requirements (and avoid a high fine!) without much effort.
Let's talk about it!
Due to the increased requirements for documentation obligations in companies, we developed the PATRONFLEX software together with our partner APPSALOT in order to simplify the implementation of the legal requirements.
Especially by means of templates and lists of proposals PATRONFLEX enables the effortless creation and efficient maintenance of the legally required processing overviews, as well as a structured data protection overview of the company (AVV administration, TOM, etc.).
Further information can be found HERE.
Besides executing all standard tasks of data protection, we are familiar with special aspects and peripheral areas of data protection as well. Please see the following shortlist, of top-requested items, as well as content which uses to be outsourced on a regular basis for avoiding the extensive consumption of resources, internal handling requires:
Data protection seems to consume resources without providing measurable benefits in return. As a result, data protection in many companies only has an alibi character. However, our data protection concept, which is primarily oriented towards the self-interest of the company, brings the company added value beyond the purely formal fulfilment of the legal requirements by simultaneously protecting and securing the information that is important for the company.