Now with a 3-month satisfaction guarantee

External Data Protection Officer

The specialized and experienced data protection officers and consultants in our team support you in all questions of data protection and, of course, data security. We are always at your disposal, not only for compliance with all requirements of the General Data Protection Regulation (GDPR), but also for explanations on company-specific questions.

We'll take you in!

For years, we have been the partner for national, international and medium-sized companies. Our team of legal specialists and IT consultants will respond individually to the needs and special features of your company and implement suitable, practical and legally compliant data protection concepts for you from start to finish.

A personal contact is always available to you to ensure data protection compliance at all levels.

Your advantages with heyData

Profound legal and technical know-how of our team
Sector-specific data protection - Health, Pharma, Biotech, Insurtech, Fintech etc.
Minimization of liability risks for the management
Uniform costs, no extra charges, long-term cooperation
No binding of internal resources & avoidance of conflicts of interest
More flexible contractual conditions compared to internal data protection officers
Expertise on current topics such as personalized customer contact, outsourcing, CRM, home office, etc.
We are available flexibly and at short notice, 24/7 - cover during absences is ensured

Want to learn more? We would be happy to advise you!

The tasks of an external data protection officer

  • Developing common data protection objectives, defining the need for action and establishing a timetable for achieving legal compliance
  • Carrying out risk analyses and audits at regular intervals or for external partners
  • Consultancy in the development of a data protection management system (DSMS)
  • Regular checks within the framework of a DSMS
  • Advice on the creation and implementation of a data protection concept
  • Review of reportable incidents
  • Implementation and assurance of "Privacy by Design" and "Privacy by Default"
  • Preparation of the notification documents
  • Creation and review of all documentation such as directories of processing activities (DPA), data protection impact assessments (DPIA), technical and organizational measures (TOM), deletion and archiving concepts
  • Review of data protection information, statements, policies and company agreements
  • Advice on the drafting of contract processing agreements (AVV) with external service providers as well as on ensuring compliance with necessary control obligations
  • Monitoring the correct use of data processing programs
  • Support in answering requests from data subjects (e.g. right to erasure or right of access)
  • Advice on all questions of employee data protection and monitoring its implementation in conformity with the law (keeping personnel files, on/offboarding, applicant management, Internet use by employees)
  • Organisation and implementation of training as well as informing employees about the handling of personal data in compliance with data protection regulations
  • Monitoring of the data protection status in the company
  • Support for certification
  • Responding to requests from the supervisory authorities
  • Advising the management and the respective specialist department
  • Preparation of an annual report on data protection

Decide in favor of heyData and benefit from a personal, professional contact who ensures data protection compliance at all levels and to the highest standard.

Frequently Asked Questions

Do I need a data protection officer?

A data protection officer must be appointed by companies with at least 20 employees who are regularly involved in the automated processing of data. A data protection officer is also necessary if special categories of personal data are processed that provide information about a person's race, ethnic origin, political opinion, religious beliefs, health or sex life. The same applies if personal data are transferred, collected, processed or used in a businesslike manner which constitutes the core activity of the company. In these two cases, the number of employees is irrelevant.

What are personal data?

According to the GDPR, personal data is all information relating to an identifiable person. Data subjects can be identified directly or indirectly, in particular by means of association with an identifier such as a name, an identification number, a location or other characteristics. In practice, this includes all data that can be attributed to a person in any way. Examples include telephone numbers, ID numbers, account data, license plates, customer numbers, e-mail addresses or postal addresses.

How does an engagement with heyData work?

As soon as you have decided to cooperate with heyData, we carry out an initial needs analysis followed by a data protection audit with your company, in order to understand your company's processes holistically. This process is digitally accompanied and supervised by the data protection consultant. We then prepare the necessary documentation together with you and, if changes are needed to achieve conformity, adapt your company's web presence according to our instructions. Depending on the package, we are then involved in various processes of your company that require the expertise of a data protection officer to protect you in all respects; this usually extends to HR, marketing, product, and also business development processes.

How long is the contract period?

The regular contract period is 24 months.

What is done in the data protection audit?

The data protection audit is intended to examine the processes of your company and to identify the essential points of data processing. You will then receive documentation of this, so that the locations, the type of data processed and the people responsible are available to you as a diagram at any time.