Why do you need us as your external data protection officer?
- Do you employ at least 20 employees who handle personal data?
- Do you work extensively with special categories of data, such as health data?
- Are you not quite sure where data protection takes place in your business processes?
- You want to outsource the implementation of data protection as much as possible.
- You are introducing new software or transferring data to a third country.
- You want to ensure that your data in the IT system is confidential, intact, and available at all times.
Let us advise you. We are available in and around Dresden, throughout Saxony, and nationwide online.
What are the tasks of an external data protection officer?
The Data Protection Officer, also known as the external DSB, advises the management on the implementation of data protection. The duties are regulated in Article 39 of the EU GDPR. In many companies, it is essential that the DSB is also responsible for implementing the measures. In particular, the following tasks are assigned to them:
- The DSB informs and advises the responsible parties, i.e., the management, regarding their obligations under the EU GDPR as well as other data protection regulations of the Union or the member states.
- The external DSB monitors compliance with the EU GDPR as well as the strategies of the responsible party or the data processor for the protection of personal data, including the allocation of responsibilities, raising awareness, and training of employees involved in the processing activities, and the related audits.
- Upon request, your external DSB advises you on a Data Protection Impact Assessment and monitors its implementation in accordance with Article 35.
- The Data Protection Officer regularly collaborates with the supervisory authority.
- In case of questions from the supervisory authority, the Data Protection Officer serves as the point of contact for issues related to the processing, including prior consultation according to Article 36,
- In carrying out his tasks, the Data Protection Officer (DPO) appropriately takes into account the risks associated with the processing operations, considering the nature, scope, circumstances, and purposes of the processing.
How does the DPO conduct the inventory?
At the beginning, the external Data Protection Officer (DPO) responsible for you gains an overview of the current state of previous activities. The inventory forms the basis for further collaboration. It includes:
- The rough assessment of the IT infrastructure
- The examination of processes/data processing activities involving personal data for data protection compliance
- The creation of the action plan
- The creation and presentation of the audit report
What are the benefits of an external Data Protection Officer for your company?
Assigning the position of the Data Protection Officer to an external service provider saves both money and nerves in the long run. We bring ready-made solutions for everyday situations. The wealth of experience from many different companies benefits you in this process.
- Assumption of liability
- Immediately deployable know-how
- Risk minimization for the company
- Transparent cost structure
- Certification of your company
- Savings on training costs
- Permanent availability
- Practical implementation – with a focus on the essentials
- Experience gained from other companies and industries
- Neutral perspective on the different company departments
- No conflicts of interest
- Improved external perception with authorities, certification bodies, and partners.
- Online data protection training
Are there any disadvantages?
Since it is an external employee, they are not involved in the day-to-day business and must first get to know your company through interviews or long-term collaboration. If there are too many gaps in communication, the external data protection officer may not be able to respond to relevant changes in the company in a timely manner.
Prices – What costs should I expect for an external data protection officer?
How does data protection contribute to a positive public image?
How does data protection secure our digital processes?
We offer our clients various packages with different prices.
1️⃣ Our "Basic Package"
In this package, we will schedule an annual status meeting with you. During this meeting, we will inform you about the latest updates in data protection. We will update the action plan and create a status report. Throughout the year, we are available to you on request.
- Annual consultation meeting
- Updating of the action plan
- Creation of the status report in accordance with Article 5(2) EU GDPR
- Delivery of sample documents
2️⃣ Our "Medium Package"
When choosing this package, you have a budget of 2 hours per quarter available. Your external data protection officer will work with you within this framework to implement the requirements of the EU GDPR. This budget can be used for training purposes. It is also available for the implementation of the measures from the basic check.
- Consultation on the implementation of the EU GDPR 2h / quarter
- Delivery of sample documents
- Contact person for authorities and data subjects
- Review of data processing agreements
- Annual audit
- Preparation of status report in accordance with Art. 5 (2) EU GDPR
3️⃣ Our “Full-Service Package”
Your external data protection officer from KVINNE GmbH will create the necessary documents for you and continuously carry out all required measures. This package is particularly suitable for companies with multiple locations and a high level of digitalization. The following measures and advisory focuses can be implemented with this package:
- Consultation and implementation of the EU GDPR 2h/month
- Conducting training sessions
- Preparation of the processing activities register
- Definition of the technical and organizational measures
- Carrying out the data protection impact assessment
- Formulation of customized policies/instructions for employees
- Creation of the privacy policy for the website
- Creation of the privacy policy for other purposes
- Review and creation of data processing agreements
- Delivery of sample documents
- Contact person for authorities and data subjects
- Building your data protection management system
- Annual audit and continuous improvement of your data protection
- Creation of the status report in accordance with Article 5(2) EU GDPR
- Online Data Protection Training Platform
Why an external data protection officer from Dresden?
An external data protection officer from Dresden can efficiently support companies across Germany, as most of the consulting and monitoring services in the field of data protection can be carried out remotely. Thanks to modern technologies such as video conferences, secure data transfer, and digital audits, location-independent collaboration is not only possible but often cost-effective and time-saving.
For in-person appointments, which can take place once a year, Dresden, as the state capital, offers excellent infrastructure. The city is well-connected to the national transport network via the A4 and A13 highways and the international Dresden Airport, allowing for flexible and quick travel. These logistical advantages make a data protection officer from Dresden a practical and economically sensible solution for companies throughout Germany.
In addition, companies benefit from the extensive experience of a data protection officer from Dresden. As the economic and political center of Saxony, the city is home to numerous businesses from various industries, offering the opportunity to build diverse and specialized expertise. The regular collaboration with authorities, public institutions, and international companies in the region also promotes a practical and legally compliant implementation of the General Data Protection Regulation (GDPR).
A data protection officer from Dresden thus combines professional expertise with logistical flexibility – an ideal combination for companies nationwide seeking professional, practical, and cost-efficient support.
Avoiding data protection violations with an expert from Dresden.
Data protection violations can cause significant financial burdens and reputational damage for medium-sized companies. An external data protection officer from Dresden helps you identify these risks early on and establish data protection-compliant processes. Especially for small and medium-sized enterprises (SMEs), it is crucial to avoid fines, as they can jeopardize financial stability.
Examples of fines for medium-sized companies:
Notebookbilliger.de (Germany)
- Company size: Online retailer in the mid-market
- Fine: 10.4 million euros
- Violation: Unlawful surveillance of employees via cameras over an extended period without legal basis.
Rapidmail (Germany)
- Company Size: Medium-sized provider for email marketing
- Fine: 8,000 Euros
- Violation: Lack of data processing agreement with a service provider and inadequate information duties towards affected individuals.
AOK Baden-Württemberg (Germany)
- Company size: Regional health insurance provider
- Fine: 1.2 million euros
- Violation: Misuse of data from sweepstake campaigns for marketing purposes without valid consent.
Kolibri Image (Germany)
- Company size: Medium-sized advertising company
- Fine: 6,000 euros
- Violation: Sending marketing emails without the recipients' consent (spam).
Taxfix (Germany)
- Company size: Medium-sized software company
- Fine: 25,000 euros
- Violation: Disregard for the rights of individuals, particularly the right to erasure of personal data.
How an external Data Protection Officer helps:
- Preventive measures: Implementing data protection-compliant processes to avoid violations from the start.
- Audits: Regular review of data protection implementation, specifically tailored for SMEs (Small and Medium Enterprises).
- Legally compliant documentation: Creation of all required documents, such as records of processing activities and consent forms.
- Training: Raising awareness among your employees on how to handle personal data to avoid errors.
With a Data Protection Officer from Dresden, medium-sized businesses benefit not only from extensive expertise but also from a flexible partner who works remotely and can be quickly on-site for personal audits thanks to Dresden's excellent infrastructure. This way, you ensure your compliance and protect your company from unnecessary risks.
Data protection consulting, data protection concepts, data protection solutions
Contact us now. We are happy to assist you with any questions regarding data protection and the GDPR.
English 
German