Data protection officer: supervisory function without instructions
b.r.m. offers companies the services of an external company data protection officer.
In Germany, the tasks and activities of an internal or external data protection officer are governed by Articles 38 and 39 of the General Data Protection Regulation (GDPR) and Sections 6 and 7 of the Federal Data Protection Act (BDSG new). There are also state regulations. The data protection officer is responsible for monitoring compliance with the GDPR, the BDSG and other laws (Telemedia Act (TMG) or Telecommunications Act (TKG)). The data protection officer always acts independently and without instructions.
All companies and associations that are not public bodies must appoint a data protection officer as soon as at least ten people are permanently involved in the automated processing of personal data, or as soon as they process personal data on a commercial basis for the purpose of transmission, anonymized transmission or market or opinion research. 'Automated' means any processing that uses electronic data processing equipment (e.g. PCs) for business purposes. A data protection officer should also be appointed if a data protection impact assessment needs to be carried out. The data protection officer either comes from within the organization ('internal') or must be appointed 'externally', and must be reported to the competent supervisory authority. Since the GDPR there are no longer any deadlines, so the data protection officer should be reported as soon as possible in order to avoid possible penalties.
Not just anyone can become a data protection officer. He or she must fulfill three main criteria:
1. professional qualification and expertise in the field of data protection law
2. expertise in the field of data protection practice
3. ability to perform the tasks specified in Art. 39 GDPR.
Of course, a data protection officer should also be able to maintain discretion and have a certain talent for conflict resolution and organization.
Anyone who is unable to fill the function of a data protection officer 'from on-board resources' is welcome to draw on us and our experience 'externally' at b.r.m. If you have any questions, please contact our company data protection officers Harald Rossol and Senior Consultant Rainer Dedermann.