For your convenience, we are always close to you with our offices in Hamburg, Berlin, Cologne, Frankfurt, Stuttgart and Munich.
Data protection and IT expertise
The various qualifications of our consultants in the field of data protection and information technology are unique in the industry.
Personal consulting instead of a 150€ model
We do not rely on standardized software solutions, but instead provide advice individually tailored to your needs.
Data protection at the highest level
The primary task of our external data protection officers is to set up and implement a practical and legally compliant data protection organization in your company. Our advice on data protection is provided exclusively by specially trained consultants with particular expertise in the areas of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telecommunications Act (TKG) and the Telemedia Act (TMG), as well as other areas of IT law.
Nowadays, data protection officers in businesses ranging from small and medium-sized companies to large international corporations have to keep an eye on a multitude of requirements. On the one hand, different laws have to be observed and integrated into day-to-day business in a reasonable manner; on the other hand, due to their internal structures, companies often find it difficult to establish data protection within the entire organization. With our extensive experience as external data protection officers, we can unburden you – in a manner tailored to your individual circumstances. In doing so, our experts place their expertise entirely at the service of your economic goals within the company.
Especially in data protection, when it comes to handling personal data, trust is of crucial importance. For many years, we have stood for diligence, practical relevance and discretion in data protection consulting for companies. Due to the interdisciplinary and high-level expertise of our consultants, we can support you in ensuring technical protection. This is mandatory for all companies according to GDPR. By carrying out a vulnerability analysis, you receive corresponding proof of the protection of personal data. Our references as external data protection officers speak for themselves. We will be happy to take the time for a personal consultation and prepare an offer tailored to your specific needs, non-binding and free of charge. We will find the right consultant for you for the role of external data protection officer.
Find out here why you should trust us, as well. Please select:
What tasks do we perform for you as external data protection officers?
As external data protection officers, we advise you on compliance with the GDPR in your company as well as on all special laws in data protection and provide support on data protection topics. These are, for example: setting up a data protection organization, data processing by processors, data protection impact assessments, data transfers, marketing and advertising. We ensure that your company’s processes for handling personal data are designed to comply with data protection requirements and are aligned with the objectives of your business model. You thus receive an all-inclusive package in data protection.
How do we define the role of the data protection officer in your company?
An external data protection officer from our company will perform the statutory tasks related to data protection in your company in accordance with Article 39 (1) GDPR as part of his or her role. In doing so, he or she assumes a neutral position and supports the management and the specialist departments as a trustworthy contact person in all data protection issues. The decision-making authority concerning data protection always lies with the management level of your company. The data protection officer provides information about data protection risks and develops proposals that serve as a basis for decision-making in your company.
To what extent does our data protection consulting exceed the legally required expertise?
Our external data protection officers have interdisciplinary expertise in data protection, law and information technology. Due to regular training and a permanent exchange of knowledge in data protection within the expert teams in our company, all consultants have a high level of expertise and are always up to date. Our external data protection officers combine the following qualifications, among others: lawyers, including attorneys with doctorates, specialist attorneys for IT law, intellectual property law, copyright and media law, TÜV-certified data protection officers, business informatics specialists, computer scientists.
What experience do our external data protection officers bring to your company?
Since the company was founded in 2006, our consulting company has assisted our customers as external data protection officers and has thus been able to gain extensive experience in data protection consulting in all industries and in a wide variety of corporate structures. Just like the expertise of our experts in the field of data protection (GDPR), these many years of experience as external data protection officers are maintained in an internal knowledge pool and developed into best practices. In day-to-day consulting, you benefit from this enormous know-how, which enables efficient and practical data protection consulting by our consultants in the role of external data protection officer in the company.
What happens if your external data protection officer is unavailable?
If the external data protection officer designated for you is prevented from fulfilling his or her data protection duties in person for important reasons, a qualified deputy will always be available to you. The deputy arrangement is contractually guaranteed. Of course, the deputy of the external data protection officer also fulfills the legal requirements for professional qualification and expertise.
To what extent do we contribute to safeguarding your company?
In the role of external data protection officer, we assume the duty to support your company in establishing data protection compliance and to inform you about the risks in data protection. Once your external data protection officer has been designated, he or she will first evaluate the existing data protection risks in a comprehensive analysis of the current situation. The external data protection officer will then develop recommendations for action to minimize the risks and support you in implementing them. Thanks to our comprehensive business and financial loss liability insurance, you are also adequately secured in the unlikely event of a liability claim.
Can we answer questions about data protection in an international context?
Due to the data protection support we provide to various multinational corporations, we as external data protection officers regularly deal with data protection issues on an international level. If your service providers are located abroad, if you transfer data within the group, or if you want to standardize data protection processes across the group on the basis of the GDPR, we will be happy to support you in structuring your cross-border processing activities in line with data protection requirements. If you have data protection questions about country-specific legislation outside Germany, we will be happy to put you in touch with the data protection experts from our Privacy Europe network.
Is unlimited software use included in the scope of services?
If you do not yet use a software solution within the company, we recommend that you use our Guardileo data protection management software. If you wish, we can offer the software as part of a service package with an external data protection officer at a reasonable price. The use of Guardileo is completely unlimited. You can create as many documents as you want at any time, and you can also create an unlimited number of users. This is what sets us apart from other providers on the market. The software was developed by our team of experts, consisting of lawyers with many years of experience in data protection consulting. The pragmatic implementation of the data protection requirements, the range of functions, but above all the ease of use of the software distinguishes Guardileo.
How can our liability insurance minimize the risk?
It is important to us to offer our customers the greatest possible protection, which goes far beyond what is customary on the market. intersoft consulting has concluded a comprehensive business and financial loss liability insurance policy for the event of liability due to the culpable breach of performance obligations. This covers both financial losses up to a sum of €20,000,000 and personal injury and property damage up to a sum of €10,000,000. With the appointment of an external data protection officer from intersoft consulting, you are therefore very well protected.
What does the appointment of an external data protection officer cost?
Unlike many of our competitors, we do not list prices on our website. We have made this decision deliberately, as we always focus on personal conversations and individual circumstances when preparing an offer. This cannot be reflected in fixed prices. What we have observed, however, is that we are often well below the costs that price calculators on other sites determine, while offering a more fully comprehensive range of services. Our clients can enjoy fair pricing, transparency, and predictable costs. In addition to the scope of activities of the external data protection officer, the unlimited use of the Guardileo data protection management software and our e-learning tool can also be included in full in the contract as an option. Likewise, a high level of liability insurance is also included in the package. Please contact us! We will be happy to prepare an individual and fair offer for you.
References as external data protection officer
“For years now, as one of the world’s leading manufacturers of wind turbines, we have trusted our external data protection officer from intersoft consulting services. Due to the excellent expertise in international data protection, we have extended the consulting to our European subsidiaries.”
“The trusting cooperation with the external data protection officer from intersoft consulting services ensures the implementation of legal requirements and at the same time increases customer satisfaction.”
“The dual qualification of our new data protection officer – a lawyer with special knowledge in the field of information technology – as well as the service approach has convinced us of the very high-level consulting competencies of intersoft consulting services AG.”
“As a leading international provider of business solutions in the area of Enterprise Information Management (EIM), we greatly appreciate the recommendations for action from our external data protection officers. Many thanks for the constructive cooperation, especially on the topic of commissioned data processing.”
Competence of more than 60 consultants
- Rechtsanwältin (Attorney-At-Law)
- Master of Laws (LL.M.) in Information Technology Law and Intellectual Property Law
- Many years of expertise as a data protection consultant
- Rechtsanwalt (Attorney-At-Law)
- Data protection officer (TÜV‑certified)
- Many years of experience as in-house lawyer in trade and industry associations
- Doctor of Law
- Author and co-author of various specialist books
- Practical experience in various data protection supervisory authorities and law firms with a focus on data protection and IT law
- Rechtsanwalt (Attorney-At-Law)
- State-certified Business IT Specialist
- Extensive experience as a data protection consultant for international corporations
- Rechtsanwältin (Attorney-At-Law)
- Data protection officer (TÜV‑certified)
- Expertise in data protection
- Practical experience in an international law firm
- Fully qualified lawyers (2 state examinations), including attorneys with doctorates
- Specialists in IT law, intellectual property law, copyright and media law, insurance law and social law
- Master of Laws in IT law, media law, intellectual property law and industrial property law
- Bachelor of Laws in information law and business law
- TÜV‑certified data protection officers and data protection auditors
- Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E)
- IT‑Compliance Manager (ISACA) and Compliance Officer (TÜV)
- Data Protection Officer following association criteria (BvD)
- BSI certified audit team leader for ISO 27001 based on IT baseline protection, De‑Mail auditor and IS auditor
- ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Implementer, ISO/IEC 27001 Practitioner
- GIAC Certified Forensic Examiner, GIAC Advanced Smartphone Forensics, GIAC Reverse Engineering Malware, GIAC Cyber Threat Intelligence, GIAC Certified Incident Handler, GIAC Penetration Tester, GIAC Battlefield Forensics and Acquisition
- IT Security Officer (TÜV)
- Computer scientist and business information scientist
- Master of Engineering IT Security and Forensics
- Bachelor of Science General and Digital Forensics
- Cyber Security Practitioner (ISACA), IT Information Security Practitioner (ISACA)
Receipt of your inquiry
After receiving your inquiry, we will contact you as soon as possible to discuss your specific needs in the area of external data protection officers. In doing so, we will address your individual wishes and expectations in the best possible way. You can also contact us by e-mail at any time outside our business hours.
Based on the initial needs assessment, we will promptly prepare an offer for the position of an external data protection officer. We also offer an initial meeting at your company to get to know each other. At this meeting, we will personally introduce our company, your potential external data protection officer, and our offer, which we can then finalize together.
Conclusion of contract
If we have been able to convince you of our capabilities and our approach to data protection, you will receive a draft contract as the basis for our cooperation. Of course, it can be adapted to your requirements. As soon as the contract is concluded, we will take over the notification of your external data protection officer to the competent supervisory authority on your behalf, if desired.
Data protection check
At the beginning of our cooperation, the external data protection officer carries out a data protection check in your company. He or she records the data protection-relevant processes and systems on site at your company in accordance with the GDPR, analyzes them for weaknesses, and evaluates them for potential data protection risks. To eliminate weak points in data protection, the external data protection officer develops practice-oriented recommendations for action. The results of the data protection check are documented for you in a comprehensive report.
During ongoing data protection support, we support you in the role of external data protection officer in implementing the recommended measures from the data protection check without unnecessarily disrupting business processes. In addition, we are available to advise you and your employees on all data protection issues under the GDPR in order to implement practicable solutions that take into account the legal requirements as well as your business objectives and corporate culture.
Costs of an external data protection officer
When determining the costs of appointing an external data protection officer, a careful, individual approach has proven to be the best way to specifically address your requirements. We do not offer any standards, but rather take into account the very personal processes and structures of your company in dealing with personal data. When determining the costs, we benefit from a wealth of experience so that we can tailor an accurate data protection offer that meets your requirements.
Comparison of internal vs. external DPOs
Frequently asked questions about the data protection officer
We’ll tell you what you should know about the role of the data protection officer.
According to Section 38 BDSG, there is an obligation to designate a data protection officer if, as a rule, at least 20 persons are involved in the automated processing of personal data. The processing is automated if it is carried out using data processing equipment such as a computer / tablet in the company. In addition, there is an obligation to designate an internal or external data protection officer if processing is carried out that is subject to a data protection impact assessment or personal data is processed commercially for the purposes of market or opinion research. Furthermore, in data protection, the obligation to designate a data protection officer applies if the core activity of the company consists of extensive processing of special categories of data or of personal data relating to convictions and criminal offenses. If you are not sure whether you need to appoint a data protection officer in your company, please feel free to contact us.
The internal or external data protection officer answers data protection questions from within the company. He or she advises the management on the handling of personal data in accordance with the EU General Data Protection Regulation when introducing new processes, writes statements on the permissibility of planned or already implemented data processing activities. The data protection officer is also the contact point in data protection for the supervisory authority. In this position, he or she communicates with the supervisory authority on issues relating to the company or in the course of data protection audits. A recurring task of the data protection officer is to support the company in conducting a data protection impact assessment (DPIA). The internal or external data protection officer provides decisive advice on whether a DPIA should be carried out, advises on the strategy for carrying it out and, in the follow-up, on whether the DPIA was carried out correctly and whether the conclusions are in compliance with data protection laws.
Continuous training in data protection is also an important aspect of the day-to-day work of an internal or external data protection officer. On the one hand, he or she constantly educates himself or herself on issues relating to data protection and data security, and on the other hand, he or she trains your employees in accordance with the EU General Data Protection Regulation and raises their awareness to current requirements of a data processing activity. In addition, the data protection officer serves as a contact person for data subjects in the company for all questions relating to the processing of their personal data and the exercise of their rights in data protection.
A written appointment, as was required under old legal situation in data protection, is no longer required by the GDPR. However, for reasons of evidence and legal clarity, a written designation of the data protection officer is recommended. In addition, it is recommended that the tasks of the data protection officer be explicitly specified by the controller in the contract so that the controller and data protection officer are clear about the tasks. Since – unlike previously in Section 4f (1) sentence 2 BDSG – no deadline is specified, the duty must be fulfilled immediately as soon as the requirements are met. Finally, the company publishes the contact data of the data protection officer and communicates them to the competent supervisory authority. This concludes the designation of the internal or external data protection officer.
Data protection officers must have sufficient professional qualifications and practical experience in data protection, as well as the ability to fulfill the tasks defined in Art. 39 GDPR. The GDPR does not contain any specific requirements regarding the relevant qualification.
The necessary level of expertise in data protection depends on the level of protection required for the personal data that the company processes. Here the following applies: The more complex the data processing is in the individual case or the larger the amount of sensitive data, the higher the requirements for the data protection officer’s expertise will be.
Our expert external data protection officers are up to the task of handling personal data, as they are constantly trained and their experience ensures a high level of advisory competence.
The body responsible for compliance with the GDPR under data protection law is the body that determines the purposes and means of the processing. This is always the company and never the data protection officer.
According to Article 39 GDPR, the internal or external data protection officer is responsible for informing the company and its employees about their obligations under data protection law and for advising them on data protection. Here, the data protection officer is required not only to reproduce the relevant regulations according to the GDPR, but to actively support the company in solving concrete problems that may arise during the implementation of measures. The internal or external data protection officer is fully liable in the event of intentional or gross negligence. In the case of normal negligence, there is a proportional distribution between the employer and the employee. The internal data protection officer is generally not liable for slight negligence. The situation is different for external data protection officers. If the external data protection officer does not fulfill his or her contractual duties to the required extent, for example due to incorrect advice, contractual claims for damages are conceivable to the full extent. This is another reason why the designation of an external data protection officer is advantageous for companies.
The obligation to cooperate and collaborate with the supervisory authority under the GDPR represents an important innovation in data protection compared to the old legal situation. This entitles internal or external data protection officers to communicate directly with the supervisory authority. This circumstance is also of importance for the supervisory authority, which in the past had to address itself primarily to the company management.
Here, the internal or external data protection officer will maintain communication with the supervisory authorities in close coordination with the management.