Data protection officers – internal or external?

Companies that are required to appoint a data protection officer (DPO) are free to choose whether to assign this task to an external or an internal data protection officer.

The external data protection officer

The external data protection officer is an independent contractor with whom the company concludes a service agreement. As a rule, the external data privacy officer will have several customers for whom he acts as data privacy officer. Since he is constantly dealing with data protection issues of different companies, he has a broad knowledge, knows weak points and has standard solutions for problems ready.

No special regulations regarding protection against dismissal apply to the contract with the external DPO. He has unlimited liability in accordance with the statutory regulations. In addition, the external DPO usually has appropriate business and financial loss liability insurance.

As a rule, the external DPO has no special ties to any area of the company, so that he or she can perform his or her duties and obligations without bias.

The internal data privacy officer

The internal data protection officer is an employee of the company.

In his or her function as data privacy officer, he or she enjoys protection against dismissal laid down by law. He or she can only be held responsible for errors in exceptional cases.

It is often necessary for an internal DPO to first acquire the necessary basic knowledge. In addition, the DPO is required to undergo regular training on the latest changes in legislation and applications. These costs must be borne by the company.

The internal DPO is integrated into the company and has comprehensive knowledge of the various departments and areas. This has the advantage that he knows the company’s neuralgic points and his colleagues deal with him more openly than with an external DPO. However, this integration can also lead to conflicts of interest.

Conclusion: In particular, the special regulations of the protection against dismissal speak in favor of choosing an external DPO. Due to his experience and knowledge, the external DPO often recognizes the weak points more quickly and has the appropriate solution ready.

 

Prof. Dr. Frank Tapella

Prof. Dr. Frank Tapella>19 Beiträge