External Data Protection Officer
Upon request, we will assume data protection duties for your company or agency as an external data protection officer (solely in Switzerland). In this role, we put into place the precautions and handle the other duties required by data protection laws and related legal requirements for your organisation.
What happens after appointing us as external data protection officer?
Once you have given us the mandate to serve as your data protection officer, we will put together a detailed data protection audit on the current status of your data protection systems. To this end, we will conduct interviews with departments and responsible persons. We will also review the existing documentation relevant to data protection issues (such as regulations, contracts, confidentiality agreements, consent clauses, etc.) created for your business. We will also examine the IT systems and work flows used by your company. Then we will make a comparison with data protection regulations and other standards specifically applicable for your industry. We will then detail possible privacy protection gaps and legal risks and explain what measures you can take to resolve them. Then we get down to making the necessary changes. We will bring your business or agency office to full compliance with current data protection laws.
The on-going work of an external data protection officer
As part of our day-to-day work as your external data protection officer, we are available to answer any of your data protection questions. We help you put into place work flows and new business ideas in compliance with data protection laws. We will also actively inform you of activity reports from public data protection officials, legal changes and data protection court rulings relevant to your organization.
The benefits of an external data protection officer
Appointing an external operational data protection officer has many benefits for your business:
- Focus on your core business: An external data protection officer lets you focus on your core business and your core competencies, and in particular the activities in which your company makes a profit. Your employees can focus on the tasks that they already do successfully.
- Neutrality and independence: An external data protection officer - as opposed to an internal data protection officer - is absolutely neutral and independent. There are layers of authority. In addition, the offer does not participate in any performance-related bonus schemes and is not exposed to any possible in-house intrigue. An external data protection officer also has no inherent interest in favouring certain departments or individuals in the company. Neutral and objective with an external perspective, the officer can objectively explain the actual status and legal position of your data protection measures. In other words: An external data protection officer will present the situation and the necessary corrective measures without mincing words.
- No conflicts of interest: The Data Protection Act stipulates that the data protection officer must be independent. The officer must, therefore, not be engaged in any other business functions that affect the independence required by law. In practice, the internal data protection officer is often also responsible for other operational functions. So, in fact, internal officers are tied to the directions and goals of their superiors and are not really able to exercise their function independently. Conflicts of interest are therefore built right in. An external data protection officer avoids internal conflicts of interest from the beginning and independence can be guaranteed.
- Cost savings: You can save the costs of training and continuing education for an internal data protection officer. In contrast you have quick and easy access to the expertise of an external data protection officer who makes it a priority to be up-to-date with the latest news in data protection laws.
- Flexibility: Working with an external data protection officer is based on a consulting agreement under contract law. Such a contract can be configured very flexibly. For example: Part-time work, 5 or 20%, monthly cost limit, work on-demand (hourly rate). When needed, the officer can also be terminated with little notice as defined in the contract. In contrast, an internal data protection officer is guaranteed a longer notice period according to labour law, which can be a disadvantage for a company.
- Knowledge transfer: External data protection officers can bring leverage their practical experiences from other projects and companies to give advice to your company or agency. This knowledge transfer lets your business or agency indirectly benefit from the experience of other companies. This will present itself in the form of solutions already successfully tested and implemented in other companies. In addition, external data protection officers maintain contacts with the data protection authorities, are well networked and are continually updating their knowledge of data protection law. Your business can profit from this knowledge.
- Time saving: Thanks to the knowledge transfer and use of experts your company can regain valuable time. The data protection measures can be implemented quickly and efficiently.