What is an External Data Protection Officer?
Under Art. 37 GDPR, certain organizations are required to designate a Data Protection Officer. Instead of creating a full-time position, you can outsource this function to a qualified external service provider — this is expressly permitted by law (Art. 37(6) GDPR).
AGIDAT takes on the role of external Data Protection Officer for your organization: fully, legally, and with dedicated points of contact.
When do you need a DPO?
A mandatory designation applies, among other things, when:
- at least 20 persons are regularly engaged in the automated processing of personal data,
- your organization processes health data, biometric data, or data relating to criminal offenses (Art. 9/10 GDPR),
- large-scale profiling or monitoring of individuals takes place,
- you are a public authority or body.
Even without a legal obligation, voluntarily designating a DPO can be valuable — as a trust signal to customers and regulators.
What we handle for you
As your external DPO, we take on all legally required tasks under Art. 39 GDPR:
- Informing and advising management and employees
- Monitoring compliance with the GDPR and other data protection regulations
- Point of contact for the supervisory authority and data subjects
- Advising on Data Protection Impact Assessments (DPIA, Art. 35 GDPR)
- Sensitization and training of employees
- Regular reports to management
Our approach
We do not work with one-size-fits-all solutions. After a free initial consultation, we analyze your specific situation and prepare an individual proposal. Typically our work includes:
- Status analysis — Where does your organization stand today?
- Immediate measures — What needs to be addressed urgently?
- Ongoing support — Quarterly reports, training, availability
- Annual review — Adjustments to meet new requirements
Advantages over an internal DPO
| Criterion | Internal | External (AGIDAT) |
|---|---|---|
| Cost | Full-time salary + training | Monthly flat fee |
| Independence | Potential conflict of interest | Required by law |
| Expertise | Depends on the individual | Specialized team |
| Availability | Vacation, illness | Continuously ensured |
| Up-to-date knowledge | Self-managed | Continuously maintained by AGIDAT |