Data Protection Officer
The provision of a Data Protection Officer is required if personal data is processed by more than 9 people. This includes every form of personal data – holiday itineraries, data in Outlook-Client or, for example, CRM systems.
The post of Data Protection Officer within a business can be held either by an internal or an external resource.
The decision between an internal or external Data Protection Officer must be made in accordance with various criteria, e.g.:
- Vocational and personal aptitude
- Legal knowledge
- Cost efficiency
- Conflicts of interest
- Availability in terms of time
Whilst an internal candidate knows the business better, the professional external Data Protection Officer has the greater expertise and can introduce tried and trusted solutions directly into the businesses . A conflict of interest can affect an internal Data Protection Officer (personnel-, IT-, sales management) just as easily as an external one (IT service provider, tax advisor, solicitor, financial auditor) – to the extent that these are also active in their own fields of expertise on behalf of the company.