Why you need a data protection officer
There are many reasons why companies need to appoint a data protection officer (and preferably not just any one, but one from fox-on …).
- First and foremost, it is often simply necessary (in Germany) to fulfil the legal requirements. Companies with 20 or more employees who deal with personal data are obliged to appoint a data protection officer (DPO) (§ 38 FDPA).
- “Worse” than sanctions would be the loss of reputation if something were to go wrong and employee or customer personal data became accessible to unauthorized persons. Unlike a few years ago, the media and the public have become very attentive here.
- And the Internet doesn’t forget anything: if there is an incident or damage, it will always catch the eye of anyone who wants to find out about the company via Google search.
- Designing processes to be data protection compliant also supports other goals and other business areas, e.g. by preventing an unwanted outflow of know-how through appropriate measures.
- The probability of being affected by an audit has increased. A few years ago this was rather unlikely in, for example, the manufacturing industry. Now, however, it is increasingly common for employees who leave the company involuntarily to “fight back” with a complaint on a data protection issue and involve the data protection supervisory authority.
- And besides, it doesn’t hurt.
Many entrepreneurs expect more effort than is actually involved. We are not there to act as the supervisory authority, but instead advise very concretely and pragmatically. We want to protect people’s data without losing sight of the corporate concerns of our customers.
Need help deciding?
Not sure whether an internal or external data protection officer is the right choice for your company?
We have put together an overview of the pros and cons of an internal and an external DPO.