AGIDAT – Datenschutz | Informationssicherheit

External Data Protection Officer

Legal compliance without a full-time hire — certified, reachable, practical.

What is an External Data Protection Officer?

Under Art. 37 GDPR, certain organizations are required to designate a Data Protection Officer. Instead of creating a full-time position, you can outsource this function to a qualified external service provider — this is expressly permitted by law (Art. 37(6) GDPR).

AGIDAT takes on the role of external Data Protection Officer for your organization: fully, legally, and with dedicated points of contact.

When do you need a DPO?

A mandatory designation applies, among other things, when:

  • at least 20 persons are regularly engaged in the automated processing of personal data,
  • your organization processes health data, biometric data, or data relating to criminal offenses (Art. 9/10 GDPR),
  • large-scale profiling or monitoring of individuals takes place,
  • you are a public authority or body.

Even without a legal obligation, voluntarily designating a DPO can be valuable — as a trust signal to customers and regulators.

What we handle for you

As your external DPO, we take on all legally required tasks under Art. 39 GDPR:

  • Informing and advising management and employees
  • Monitoring compliance with the GDPR and other data protection regulations
  • Point of contact for the supervisory authority and data subjects
  • Advising on Data Protection Impact Assessments (DPIA, Art. 35 GDPR)
  • Sensitization and training of employees
  • Regular reports to management

Our approach

We do not work with one-size-fits-all solutions. After a free initial consultation, we analyze your specific situation and prepare an individual proposal. Typically our work includes:

  1. Status analysis — Where does your organization stand today?
  2. Immediate measures — What needs to be addressed urgently?
  3. Ongoing support — Quarterly reports, training, availability
  4. Annual review — Adjustments to meet new requirements

Advantages over an internal DPO

CriterionInternalExternal (AGIDAT)
CostFull-time salary + trainingMonthly flat fee
IndependencePotential conflict of interestRequired by law
ExpertiseDepends on the individualSpecialized team
AvailabilityVacation, illnessContinuously ensured
Up-to-date knowledgeSelf-managedContinuously maintained by AGIDAT