Jack of all trades: The External Group Data Protection Officer

One of the innovations of the GDPR for corporations, corporate groups and groups of undertakings is the introduction of a so-called group data protection officer. This is regulated in Art. 37 II GDPR, which states:

 "A group of companies may appoint a joint data protection officer provided that the data protection officer can be easily reached from any location."

Since the transfer of personal data within a group of companies is part of its everyday operations, a common data protection officer can provide relief by creating consistent data protection rules and concepts and acting as a single point of contact for the entire group. The concept of a group of undertakings is defined in Art. 4 No. 19 GDPR as a group of companies in which there is a ruling company and dependent companies.

As another requirement, the provision mentions easy accessibility of the group data protection officer, meaning that all employees, as well as the local supervisory authorities and those affected, can easily reach and communicate with him. Especially within global enterprises that have subsidiaries and branches in many different countries, the different languages can be a significant communication barrier. However, no one can be expected to speak, in addition to having the required data protection qualification, every language of every branch in each country. Here, recourse to a common language, especially English, is a possible solution. Additionally, data protection coordinators in each individual company can act as a link between the local regulatory authorities and the group data protection officer.

However, it is often difficult to find a suitable and qualified person who has both the necessary (international) qualifications and is familiar with the way in which companies operate. Thus, an external group data protection officer can present an adequate solution.

What are the tasks of a group data protection officer?

In principle, the tasks which a group data protection officer must fulfill are based on the same requirements as those of any other data protection officer, which are set out in Art. 39 GDPR. Namely:

  • to advise and inform the responsible persons regarding the implementation of the GDPR in the group
  • to enable compliance with the GDPR and foster a data protection culture within the organization
  • to maintain policies and procedures on data protection
  • to monitor compliance with the provisions of the GDPR within the group, which also includes sensitizing employees with regard to the basic data protection requirements, as well as their training
  • to advise on the privacy impact assessment
  • to support data incident responses and notification procedures for data breaches
  • to work with the regulators and be their first point of contact

An external group data protection officer usually has experience with various groups of companies and has been involved with various data protection challenges, so that he can quickly adapt a solution for another group.

Two challenges for a group data protection officer

The difference from a data protection officer who is responsible only for a single company lies in the complexity of the (international) flows of personal data and the organizational structure of the group. For example, it often happens that there is no single contact person in a group who has an overall view of a particular process, which may be relevant when drawing up the list of processing activities.

Another challenge is that although the GDPR is uniform throughout the EU, there are national specifications and differences in the individual member states of the EU that need to be taken into account. For this purpose, consulting professionals with local legal expertise for individual issues may be a possible solution.

Nevertheless, the designation of a group data protection officer can be a considerable relief for the group. What matters here is the development of a suitable data protection organization within the group, support from company management, and sufficient financial and personnel resources for the group data protection officer. An external data protection officer in particular can be a pragmatic, professional and timely solution, which is often cheaper than setting up your own data protection department within the group.
