Hintergrundgrafik intersoft consulting services AG
Skip to content

External Data Protection Officer

Customers appreciate our all-inclusive package, making us one of the leading service providers in data protection.

Your benefits

Convince yourself of the benefits of a cooperation with us.

  • Active nationwide

    For your convenience, we are always close to you with our offices in Hamburg, Berlin, Cologne, Frankfurt, Stuttgart and Munich.

  • Data protection and IT expertise

    The various qualifications of our consultants in the field of data protection and information technology are unique in the industry.

  • Personal consulting instead of a 150€ model

    We do not rely on standardized software solutions, but instead provide advice individually tailored to your needs.

Data protection at the highest level

Establishing a robust data protection organization in the company

The primary task of our external data protection officers is to set up and implement a practical and legally compliant data protection organization in your company. Our advice on data protection is provided exclusively by specially trained consultants with particular expertise in the areas of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telecommunications Act (TKG) and the Telemedia Act (TMG), as well as other areas of IT law.

Nowadays, data protection officers in businesses ranging from small and medium-sized companies to large international corporations have to keep an eye on a multitude of requirements. On the one hand, different laws have to be observed and integrated into day-to-day business in a reasonable manner; on the other hand, due to their internal structures, companies often find it difficult to establish data protection within the entire organization. With our extensive experience as external data protection officers, we can unburden you – in a manner tailored to your individual circumstances. In doing so, our experts place their expertise entirely at the service of your economic goals within the company.

Especially in data protection, when it comes to handling personal data, trust is of crucial importance. For many years, we have stood for diligence, practical relevance and discretion in data protection consulting for companies. Due to the interdisciplinary and high-level expertise of our consultants, we can support you in ensuring technical protection. This is mandatory for all companies according to GDPR. By carrying out a vulnerability analysis, you receive corresponding proof of the protection of personal data. Our references as external data protection officers speak for themselves. We will be happy to take the time for a personal consultation and prepare an offer tailored to your specific needs, non-binding and free of charge. We will find the right consultant for you for the role of external data protection officer.

What makes us stand out as external data protection officers

Find out here why you should trust us, as well. Please select:

What tasks do we perform for you as external data protection officers?

As external data protection officers, we advise you on compliance with the GDPR in your company as well as on all special laws in data protection and provide support on data protection topics. These are, for example: setting up a data protection organization, data processing by processors, data protection impact assessments, data transfers, marketing and advertising. We ensure that your company’s processes for handling personal data are designed to comply with data protection requirements and are aligned with the objectives of your business model. You thus receive an all-inclusive package in data protection.

How do we define the role of the data protection officer in your company?

An external data protection officer from our company will perform the statutory tasks related to data protection in your company in accordance with Article 39 (1) GDPR as part of his or her role. In doing so, he or she assumes a neutral position and supports the management and the specialist departments as a trustworthy contact person in all data protection issues. The decision-making authority concerning data protection always lies with the management level of your company. The data protection officer provides information about data protection risks and develops proposals that serve as a basis for decision-making in your company.

To what extent does our data protection consulting exceed the legally required expertise?

Our external data protection officers have interdisciplinary expertise in data protection, law and information technology. Due to regular training and a permanent exchange of knowledge in data protection within the expert teams in our company, all consultants have a high level of expertise and are always up to date. Our external data protection officers combine the following qualifications, among others: lawyers, including attorneys with doctorates, specialist attorneys for IT law, intellectual property law, copyright and media law, TÜV-certified data protection officers, business informatics specialists, computer scientists.

What experience do our external data protection officers bring to your company?

Since the company was founded in 2006, our consulting company has assisted our customers as external data protection officers and has thus been able to gain extensive experience in data protection consulting in all industries and in a wide variety of corporate structures. Just like the expertise of our experts in the field of data protection (GDPR), these many years of experience as external data protection officers are maintained in an internal knowledge pool and developed into best practices. In day-to-day consulting, you benefit from this enormous know-how, which enables efficient and practical data protection consulting by our consultants in the role of external data protection officer in the company.

What happens if your external data protection officer is unavailable?

If the external data protection officer designated for you is prevented from fulfilling his or her data protection duties in person for important reasons, a qualified deputy will always be available to you. The deputy arrangement is contractually guaranteed. Of course, the deputy of the external data protection officer also fulfills the legal requirements for professional qualification and expertise.

To what extent do we contribute to safeguarding your company?

In the role of external data protection officer, we assume the duty to support your company in establishing data protection compliance and to inform you about the risks in data protection. Once your external data protection officer has been designated, he or she will first evaluate the existing data protection risks in a comprehensive analysis of the current situation. The external data protection officer will then develop recommendations for action to minimize the risks and support you in implementing them. Thanks to our comprehensive business and financial loss liability insurance, you are also adequately secured in the unlikely event of a liability claim.

Can we answer questions about data protection in an international context?

Due to the data protection support we provide to various multinational corporations, we as external data protection officers regularly deal with data protection issues on an international level. If your service providers are located abroad, if you transfer data within the group, or if you want to standardize data protection processes across the group on the basis of the GDPR, we will be happy to support you in structuring your cross-border processing activities in line with data protection requirements. If you have data protection questions about country-specific legislation outside Germany, we will be happy to put you in touch with the data protection experts from our Privacy Europe network.

Is unlimited software use included in the scope of services?

If you do not yet use a software solution within the company, we recommend that you use our Guardileo data protection management software. If you wish, we can offer the software as part of a service package with an external data protection officer at a reasonable price. The use of Guardileo is completely unlimited. You can create as many documents as you want at any time, and you can also create an unlimited number of users. This is what sets us apart from other providers on the market. The software was developed by our team of experts, consisting of lawyers with many years of experience in data protection consulting. The pragmatic implementation of the data protection requirements, the range of functions, but above all the ease of use of the software distinguishes Guardileo.

How can our liability insurance minimize the risk?

It is important to us to offer our customers the greatest possible protection, which goes far beyond what is customary on the market. intersoft consulting has concluded a comprehensive business and financial loss liability insurance policy for the event of liability due to the culpable breach of performance obligations. This covers both financial losses up to a sum of €20,000,000 and personal injury and property damage up to a sum of €10,000,000. With the appointment of an external data protection officer from intersoft consulting, you are therefore very well protected.

What does the appointment of an external data protection officer cost?

Unlike many of our competitors, we do not list prices on our website. We have made this decision deliberately, as we always focus on personal conversations and individual circumstances when preparing an offer. This cannot be reflected in fixed prices. What we have observed, however, is that we are often well below the costs that price calculators on other sites determine, while offering a more fully comprehensive range of services. Our clients can enjoy fair pricing, transparency, and predictable costs. In addition to the scope of activities of the external data protection officer, the unlimited use of the Guardileo data protection management software and our e-learning tool can also be included in full in the contract as an option. Likewise, a high level of liability insurance is also included in the package. Please contact us! We will be happy to prepare an individual and fair offer for you.

Hintergrundgrafik intersoft consulting services AG
Attractive pricing models adapted for companies of all sizes. Request non-binding offer here

References as external data protection officer

We advise hundreds of companies throughout Germany and are thus represented in all industries. This is only an excerpt of our references.

UN Refugee Agency
Schmitz Cargobull
Warner Music Group

Our locations

With branches throughout Germany, we are also represented in close proximity to you.

Competence of more than 60 consultants

More than 60 consultants provide suitable solutions for your company. Meet some selected consultants here.

Listed below you will find certificates and memberships of the group of companies, which prove our high standards.

IAPP Corporate Member

IAPP Corporate Member

Through our corporate membership in the International Association of Privacy Professionals (IAPP), our consultants are interconnected with leading data protection and IT security experts worldwide. As an internationally recognized standard, IAPP signals a high level of trust and is gaining in importance due to the GDPR.

Cyber Security Council Germany e.V.

Cyber Security Council Germany e.V.

Cyber-Sicherheitsrat Deutschland e.V. is an association whose purpose is to promote the security of business and society in the age of digitalization and also to position itself as a pioneer internationally. Companies, authorities and political decision-makers shall be strengthened in the fight against cybercrime. As a member, intersoft consulting services AG is proactively involved and advises companies with great competence in the area of cyber security.

Cyber Security Practitioner

Cyber Security Practitioner

Several employees of intersoft consulting services AG are certified as Cyber Security Practitioner (CSP) by the Information Systems Audit and Control Association (ISACA). This is a certificate course in cooperation with the Alliance for Cyber Security from the German Federal Office for Information Security (BSI). This qualifies the employee as an expert in this field and enables him/her to perform a cyber security check to assess cyber security in companies and government agencies.

ISO 27001 certified

ISO 27001 certified

With the certification of its information security management system (ISMS) according to ISO 27001, intersoft consulting services AG documents its ability to maintain the confidentiality, integrity and availability of the information entrusted to it. Customers can thus rely on appropriate risk management.
View certificate

Competence Center for Applied Security Technology e.V. (CAST)

Competence Center for Applied Security Technology e.V. (CAST)

As a CAST member, we enjoy access to an established competence network. The association is the contact for IT security and state-of-the-art information technology and offers a wide range of services as well as knowledge and experience exchange at a high level.

Servicepoint Cybersecurity

Servicepoint Cybersecurity

intersoft consulting services AG is part of the security partnership Servicepoint Cybersecurity in Schleswig-Holstein. The Servicepoint Cybersecurity is an initiative of the independent organization of the digital economy DiWiSH. It provides a central and confidential point of contact for inquiries about preventive measures. In the event of imminent attacks, it helps to request specialized cybersecurity companies such as intersoft consulting services AG for support offers anonymously.



On Kununu, we have received many very good ratings from employees. A large part of the evaluators would recommend the company to others and we almost achieve the full score in the Kununu score. Employees appreciate the great working atmosphere and the open company culture. The benefits and many extras, such as home office arrangements, part-time models, fitness and massages are particularly praised.

Hamburg Data Protection Society e.V. (HDG)

Hamburg Data Protection Society e.V. (HDG)

The “Hamburger Gesellschaft zur Förderung des Datenschutzes e.V.” was founded as a forum for data protection by representatives from business, science and the media. As a member of the HDG, we actively participate in the further development of data protection topics.

  • Fully qualified lawyers (2 state examinations), including attorneys with doctorates
  • Specialists in IT law, intellectual property law, copyright and media law, insurance law and social law
  • Master of Laws in IT law, media law, intellectual property law and industrial property law
  • Bachelor of Laws in information law and business law
  • TÜV‑certified data protection officers and data protection auditors
  • Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E)
  • IT‑Compliance Manager (ISACA) and Compliance Officer (TÜV)
  • Data Protection Officer following association criteria (BvD)
  • BSI certified audit team leader for ISO 27001 based on IT baseline protection and IS auditor
  • ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Implementer, ISO/IEC 27001 Practitioner
  • GIAC Certified Forensic Examiner, GIAC Advanced Smartphone Forensics, GIAC Reverse Engineering Malware, GIAC Cyber Threat Intelligence, GIAC Certified Incident Handler, GIAC Penetration Tester, GIAC Battlefield Forensics and Acquisition
  • IT Security Officer (TÜV)
  • Computer scientist and business information scientist
  • Master of Engineering IT Security and Forensics
  • Bachelor of Science General and Digital Forensics
  • Cyber Security Practitioner (ISACA), IT Information Security Practitioner (ISACA)
Hintergrundgrafik intersoft consulting services AG
You too can trust one of the leading service providers for data protection in Germany. Request an offer here

Our procedure

  • Receipt of your inquiry

    After receiving your inquiry, we will contact you as soon as possible to discuss your specific needs in the area of external data protection officers. In doing so, we will address your individual wishes and expectations in the best possible way. You can also contact us by e-mail at any time outside our business hours.

  • Offer

    Based on the initial needs assessment, we will promptly prepare an offer for the position of an external data protection officer. We also offer an initial meeting at your company to get to know each other. At this meeting, we will personally introduce our company, your potential external data protection officer, and our offer, which we can then finalize together.

  • Conclusion of contract

    If we have been able to convince you of our capabilities and our approach to data protection, you will receive a draft contract as the basis for our cooperation. Of course, it can be adapted to your requirements. As soon as the contract is concluded, we will take over the notification of your external data protection officer to the competent supervisory authority on your behalf, if desired.

  • Data protection check

    At the beginning of our cooperation, the external data protection officer carries out a data protection check in your company. He or she records the data protection-relevant processes and systems on site at your company in accordance with the GDPR, analyzes them for weaknesses, and evaluates them for potential data protection risks. To eliminate weak points in data protection, the external data protection officer develops practice-oriented recommendations for action. The results of the data protection check are documented for you in a comprehensive report.

  • Ongoing support

    During ongoing data protection support, we support you in the role of external data protection officer in implementing the recommended measures from the data protection check without unnecessarily disrupting business processes. In addition, we are available to advise you and your employees on all data protection issues under the GDPR in order to implement practicable solutions that take into account the legal requirements as well as your business objectives and corporate culture.

Costs of an external data protection officer

When determining the costs of appointing an external data protection officer, a careful, individual approach has proven to be the best way to specifically address your requirements. We do not offer any standards, but rather take into account the very personal processes and structures of your company in dealing with personal data. When determining the costs, we benefit from a wealth of experience so that we can tailor an accurate data protection offer that meets your requirements.

Costs of an external data protection officer

Hintergrundgrafik intersoft consulting services AG
Data protection professionals: all industries, all corporate structures. Request an offer here

Comparison of internal vs. external DPOs

Comparison internal DPO external DPO

int. DPOinternal DPO
ext. DPOexternal DPO
Existing professional qualification
Time-consuming and cost-intensive training required until professional qualification is obtained.
No protection against dismissal
Special protection against dismissal of internal data protection officers comparable to that of works council members.
Transparent costs
Our cost calculation offers you transparency and planning security.
Unbiased approach
With the internal data protection officer, there is a risk of operational blindness.
Knowledge of operational processes
The external data protection officer first has to familiarize himself with operational processes.
Keeping internal resources available
Our personnel resources reduce internal expenditure of time to a minimum.
No co-determination right of the works council
The works council’s right of co-determination (Section 99 BetrVG) does not apply to the external data protection officer.
Experience from other companies
Experience from other companies provides opportunities for comparison and practical solutions.
Independent data protection
The internal data protection officer is seen by third parties as biased.
Neutral position
Neutral position helps e.g. to mediate between company, works council and employees.

Frequently asked questions about the data protection officer

We’ll tell you what you should know about the role of the data protection officer.

According to Section 38 BDSG, there is an obligation to designate a data protection officer if, as a rule, at least 20 persons are involved in the automated processing of personal data. The processing is automated if it is carried out using data processing equipment such as a computer / tablet in the company. In addition, there is an obligation to designate an internal or external data protection officer if processing is carried out that is subject to a data protection impact assessment or personal data is processed commercially for the purposes of market or opinion research. Furthermore, in data protection, the obligation to designate a data protection officer applies if the core activity of the company consists of extensive processing of special categories of data or of personal data relating to convictions and criminal offenses. If you are not sure whether you need to appoint a data protection officer in your company, please feel free to contact us.

The internal or external data protection officer answers data protection questions from within the company. He or she advises the management on the handling of personal data in accordance with the EU General Data Protection Regulation when introducing new processes, writes statements on the permissibility of planned or already implemented data processing activities. The data protection officer is also the contact point in data protection for the supervisory authority. In this position, he or she communicates with the supervisory authority on issues relating to the company or in the course of data protection audits. A recurring task of the data protection officer is to support the company in conducting a data protection impact assessment (DPIA). The internal or external data protection officer provides decisive advice on whether a DPIA should be carried out, advises on the strategy for carrying it out and, in the follow-up, on whether the DPIA was carried out correctly and whether the conclusions are in compliance with data protection laws.

Continuous training in data protection is also an important aspect of the day-to-day work of an internal or external data protection officer. On the one hand, he or she constantly educates himself or herself on issues relating to data protection and data security, and on the other hand, he or she trains your employees in accordance with the EU General Data Protection Regulation and raises their awareness to current requirements of a data processing activity. In addition, the data protection officer serves as a contact person for data subjects in the company for all questions relating to the processing of their personal data and the exercise of their rights in data protection.

A written appointment, as was required under old legal situation in data protection, is no longer required by the GDPR. However, for reasons of evidence and legal clarity, a written designation of the data protection officer is recommended. In addition, it is recommended that the tasks of the data protection officer be explicitly specified by the controller in the contract so that the controller and data protection officer are clear about the tasks. Since – unlike previously in Section 4f (1) sentence 2 BDSG – no deadline is specified, the duty must be fulfilled immediately as soon as the requirements are met. Finally, the company publishes the contact data of the data protection officer and communicates them to the competent supervisory authority. This concludes the designation of the internal or external data protection officer.

Data protection officers must have sufficient professional qualifications and practical experience in data protection, as well as the ability to fulfill the tasks defined in Art. 39 GDPR. The GDPR does not contain any specific requirements regarding the relevant qualification.

The necessary level of expertise in data protection depends on the level of protection required for the personal data that the company processes. Here the following applies: The more complex the data processing is in the individual case or the larger the amount of sensitive data, the higher the requirements for the data protection officer’s expertise will be.

Our expert external data protection officers are up to the task of handling personal data, as they are constantly trained and their experience ensures a high level of advisory competence.

The body responsible for compliance with the GDPR under data protection law is the body that determines the purposes and means of the processing. This is always the company and never the data protection officer.

According to Article 39 GDPR, the internal or external data protection officer is responsible for informing the company and its employees about their obligations under data protection law and for advising them on data protection. Here, the data protection officer is required not only to reproduce the relevant regulations according to the GDPR, but to actively support the company in solving concrete problems that may arise during the implementation of measures. The internal or external data protection officer is fully liable in the event of intentional or gross negligence. In the case of normal negligence, there is a proportional distribution between the employer and the employee. The internal data protection officer is generally not liable for slight negligence. The situation is different for external data protection officers. If the external data protection officer does not fulfill his or her contractual duties to the required extent, for example due to incorrect advice, contractual claims for damages are conceivable to the full extent. This is another reason why the designation of an external data protection officer is advantageous for companies.

The obligation to cooperate and collaborate with the supervisory authority under the GDPR represents an important innovation in data protection compared to the old legal situation. This entitles internal or external data protection officers to communicate directly with the supervisory authority. This circumstance is also of importance for the supervisory authority, which in the past had to address itself primarily to the company management.

Here, the internal or external data protection officer will maintain communication with the supervisory authorities in close coordination with the management.

Contact us

Hintergrundgrafik intersoft consulting services AG
Julia Reiter
Sales Manager
We will gladly answer your questions or provide you with an individual offer. Request non-binding offer here