The EU-GDPR and local data protection regulations such as the new German Federal Data Protection Act (BDSG) require most companies to appoint a data protection officer. Doing so is also in the company’s own interest, given its reputation with customers and business partners. It is therefore crucial to fill this key position well.
The EU-GDPR and local data protection regulations such as the BDSG in Germany set, among other things, the conditions for the appointment of a data protection officer. Simply put, the decisive factors are the volume and intensity with which data is used, the risk factor for each individual, the processing of personal data, the reasons for data processing (e.g. phone service providers, information desks) and the sensitivity of the data (e.g. ethnic background, religious affiliation, health conditions). Whether global enterprise, industrial corporation, medium-sized business or hospital, there is no way around a data protection officer nowadays.
Regardless of the legal necessity, every company should appoint a data protection officer to signal to its partners and customers that data privacy is important to the enterprise. In some sectors such as power, communications, banking or insurance, the presence of a data protection officer has become an industry standard.
An external data protection officer often makes sense.