Supplier Solutions Portal

Externally appointed data protection officer

Your current situation

You process personal data in an automated way on behalf of your clients, and are obliged to appoint a data protection officer in accordance with the Bundesdatenschutzgesetz (German Federal Data Protection Act). This person should ensure compliance with the data protection regulations during the planning, introduction, and application of data processing methods based on the relevant legislation. As the company does not have its own staff to carry out this role, it plans the appointment of an external data protection officer.

Our service portfolio

Initial stock take

As part of an initial stock take as regards data protection legislation, all of the processes within the client's business area which are relevant to data protection and which process personal data, are recorded and documented in procedure directories as prescribed by law.

The procedure directories are supplemented by samples for declarations of commitment and information sheets, as well as sample contracts for the processing of order data.

Furthermore, the internal regulations and websites of the client are evaluated as regards data protection and telemedia legislation. If necessary, suggestions for improvement are made.

The results of the stock take as regards data protection legislation, including the procedure directory, are documented in a data protection handbook.

Ongoing activities

As part of ongoing activities, the following specific services are carried out:

  • Continual update of the procedure directories prescribed by law
  • Safeguarding the rights of those concerned by making the procedure directories available and checking the obligation to inform
  • Informing and/or training employees
  • Execution of advance controls and data protection impact assessment for processes involving sensitive data or with a major impact on those concerned
  • Ensuring proper data processing
  • Data protection check for the web portal
  • Consultation for contracts relevant to data protection and for internal company guidelines
  • Check of external IT service providers as regards the processing of order data
  • Consultation for all questions regarding data protection


TISAX® is a registered trademark of the ENX Association.