Many companies opt for the supposedly obvious, such as designating an employee from their own workforce as DPO. However, this is not possible without further measures. There are a few things to consider.
A data protection officer must have the following competencies:
- Full knowledge of the relevant: GDPR, national laws (BDSG, TMG, TKG)
- Legal understanding
- Extensive technical expertise
- Knowledge of the IT basic protection catalogues of the Federal Office for Information Security (BSI)
- Ideally, corresponding certifications
- Reliability and personal integrity