Group Data Protection Officer

With proven best practices in an international context, we support our customers in minimizing risk.

Your benefits

Convince yourself of the benefits of a cooperation with us.

  • Expertise in the corporate group structure

    The group data protection officer has many years of expertise in setting up a data protection organization across the entire corporate group.

  • Specialized knowledge in an international context

    We are a tried-and-tested consulting partner when it comes to dealing with country-specific issues and structural differences.

  • Integrated solutions

    We ensure a uniform level of data protection within the group that regulates processes within the corporate group in a legally secure and economically sensible manner.

Professional data protection management for corporations

Best practice processes in corporate data protection

Organizing data processing globally and thus minimizing corporate risks is a major challenge in a corporate group structure. In order to centralize data protection, a group of companies can appoint one person as its group data protection officer. The Group Data Protection Officer performs the tasks in accordance with Article 39 of the GDPR. In doing so, he centrally controls and monitors the implementation of the GDPR in the group.

We, intersoft consulting services AG, have been supporting corporate groups in data protection for more than a decade and always follow a hands-on approach. Our group data protection officers are lawyers with a great deal of technical understanding. An external group data protection officer of intersoft consulting ensures uniform data protection standards within the group of companies and also takes individual differences into account in cross-national consulting. The external group data protection officer can quickly grasp complex issues, always maintains an objective view and is a professional contact for authorities and affected parties. He or she works with you as part of a team and brings confident leadership and negotiating skills.

Establishment of a global data protection organization

Together with you, we centrally ensure data protection-compliant processing within your group structure with the external group data protection officer. In doing so, we always take into account individual business interests and structural conditions. In his function, your external Group Data Protection Officer reports to the highest management level of the corporate group.

In the beginning, the external group data protection officer carries out an analysis of the current situation. The status of the implementation of data protection throughout the group is determined and, in the event of deviations, a risk assessment is carried out and recommendations for action are identified. The results also serve as a basis for ongoing activities in the role of the group data protection officer.

As part of our ongoing consulting services, we provide support for you in setting up a global data protection organization – using the so-called coordinator model. Data protection coordinators or data protection champions are appointed in the individual group companies to support the group data protection officer. Within their area of responsibility, the data protection coordinators support the management and the Group Data Protection Officer in implementing data protection regulations and act as an interface between local authorities and data subjects and the centrally located group data protection officer. We have had very good experience with the coordinator model for many years, have excellent expertise and proven best practices.

This is how we can support you

  • Provision of an external group data protection officer
  • Establishment of a global data protection organization
  • Carrying out an analysis of the current situation (data protection check)
  • Establishment of a data protection management system based on the GDPR
  • Training of data protection coordinators and consulting during ongoing operations
  • Development of strategic data protection documents such as data protection guidelines / privacy policies, templates, or a data protection concept
  • Advice on data transfers abroad in compliance with data protection requirements and on the exchange of personal data within the group
  • Design of data protection processes such as information and complaint management or notification of data protection violations
  • Monitoring the implementation of data protection regulations
You too can trust one of the leading service providers for data protection in Germany. Request an offer here

Frequently asked questions about the group data protection officer

We’ll tell you what you should know about the role of the group data protection officer.

A significant challenge for data processing within corporate groups is that there is no so-called “group privilege” in data protection law. This means that if personal data is transferred to a third party, i.e., outside the company itself, it does not matter whether the recipient is an external party or a company within the group structure.

The GDPR provides some relief in group data protection for data transfers based on a legitimate interest of the companies involved. According to Recital 48 of the GDPR, data controllers that are part of a group of companies may have a legitimate interest in transferring personal data within this group for internal administrative purposes. Due to the lack of group privilege in the area of data protection, it is important to ensure that a legal basis exists for any intra-group exchange of personal data. Our experienced data protection consultants will be happy to help you implement data transfers within the corporate group that comply with data protection requirements.

The lack of group privilege poses challenges for group companies. Outsourcing certain corporate areas (e.g., accounting, human resources management or payroll) and centralizing data processing at the group parent is not readily possible.

When introducing and using a group database, it must be clarified, for example, which company is actually “responsible” or whether “joint responsibility” between the participating group companies can even be considered. Under certain circumstances, commissioned processing may also be considered. In addition, companies are under an obligation to base each intra-group transfer of personal data on a valid legal basis. If a group company involved is located in a third country, additional requirements have to be fulfilled. If the group company independently processes employee data that it receives from a group company in the EEA, the standard contractual clauses provided by the European Commission require supplementary regulations for data protection-compliant transfer of employee data.

According to Art. 37 (2) GDPR, a group of companies may appoint a joint data protection officer, provided that the data protection officer can be reached from each branch. This was already permissible and customary under the German Federal Data Protection Act (BDSG). The GDPR makes this even easier. A significant advantage of appointing a group data protection officer is the establishment of a uniform level of data protection in the entrepreneurial group through the central organization.

Various models are available to achieve this purpose. Under the so-called single model, one and the same person can hold the function of data protection officer for several or all group companies. In this case, each group subsidiary has properly appointed this person as Group Data Protection Officer. The larger the corporate group, the more resources and employees the Group Data Protection Officer requires in the single model.

An alternative to this is the so-called coordinator model. In this model, each company in the group appoints its own data protection officer, while the group-wide data privacy organization is coordinated by a Group Data Protection Officer. What both models have in common is that all the threads come together at one expert office in order to find uniform solutions for cross-company issues in data privacy.

Competence of more than 60 consultants

More than 60 consultants provide suitable solutions for your company. Meet some selected consultants here.

Listed below you will find certificates and memberships of the group of companies, which prove our high standards.

Servicepoint Cybersecurity

intersoft consulting services AG is part of the security partnership Servicepoint Cybersecurity in Schleswig-Holstein. The Servicepoint Cybersecurity is an initiative of DiWiSH, the independent organization of the digital economy. It provides a central and confidential point of contact for inquiries about preventive measures. In the event of imminent attacks, it helps to anonymously request support offers from specialized cybersecurity companies such as intersoft consulting services AG.

Cyber Security Practitioner

Several employees of intersoft consulting services AG are certified as Cyber Security Practitioner (CSP) by the Information Systems Audit and Control Association (ISACA). This is a certificate course in cooperation with the Alliance for Cyber Security from the German Federal Office for Information Security (BSI). This qualifies the employee as an expert in this field and enables him/her to perform a cyber security check to assess cyber security in companies and government agencies.

IAPP Corporate Member

Through our corporate membership in the International Association of Privacy Professionals (IAPP), our consultants are interconnected with leading data protection and IT security experts worldwide. As an internationally recognized standard, IAPP signals a high level of trust and is gaining in importance due to the GDPR.

CIPP/E Certification

Consultants from intersoft consulting services AG have been certified as Certified Information Privacy Professionals (CIPP/E) by the International Association of Privacy Professionals (IAPP). The certificate is ANSI and ISO compliant (ISO 17024) and identifies the consultant as having recognized qualifications in the area of European data protection.

ISO 9001 certified

With the certification of its quality management according to ISO 9001, intersoft consulting services AG documents its efforts to continuously improve its services, processes and cost efficiency in order to further increase customer and employee satisfaction.

Committed according to association criteria of the BvD

intersoft consulting services and its external data protection officers are obligated to comply with the association criteria of “expertise” and “reliability” of the German Association of Data Protection Officers (BvD). The criteria guarantee a high and constant level of data protection.

Cyber Security Council Germany e.V.

Cyber-Sicherheitsrat Deutschland e.V. is an association whose purpose is to promote the security of business and society in the age of digitalization and also to position itself as a pioneer internationally. Companies, authorities and political decision-makers shall be strengthened in the fight against cybercrime. As a member, intersoft consulting services AG is proactively involved and advises companies with great competence in the area of cyber security.

CIPM Certification

Consultants from intersoft consulting services AG have been certified as Certified Information Privacy Managers (CIPM) by the International Association of Privacy Professionals (IAPP). The CIPM is the only globally accredited certification in data privacy management and trains contact persons with a high level of expertise for day-to-day business in all aspects of data protection. The certification is also ISO accredited (ISO 17024:2012).

  • Fully qualified lawyers (2 state examinations), including attorneys with doctorates
  • Specialists in IT law, intellectual property law, copyright and media law, insurance law and social law
  • Master of Laws in IT law, media law, intellectual property law and industrial property law
  • Bachelor of Laws in information law and business law
  • TÜV‑certified data protection officers and data protection auditors
  • Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E)
  • IT‑Compliance Manager (ISACA) and Compliance Officer (TÜV)
  • Data Protection Officer following association criteria (BvD)
  • BSI certified audit team leader for ISO 27001 based on IT baseline protection and IS auditor
  • ISO/IEC 27001 Lead Auditor, ISO/IEC 27001 Implementer, ISO/IEC 27001 Practitioner
  • GIAC Certified Forensic Examiner, GIAC Advanced Smartphone Forensics, GIAC Reverse Engineering Malware, GIAC Cyber Threat Intelligence, GIAC Certified Incident Handler, GIAC Penetration Tester, GIAC Battlefield Forensics and Acquisition
  • IT Security Officer (TÜV)
  • Computer scientist and business information scientist
  • Master of Engineering IT Security and Forensics
  • Bachelor of Science General and Digital Forensics
  • Cyber Security Practitioner (ISACA), IT Information Security Practitioner (ISACA)


We advise hundreds of companies throughout Germany and are thus represented in all industries. This is only an excerpt of our references.

Warner Music Group
Schmitz Cargobull
Panasonic Electric Works Europe
Porsche Consulting

Our locations

With branches throughout Germany, we are also represented in close proximity to you.

Contact us

Julia Reiter
Sales Manager
We will gladly answer your questions or provide you with an individual offer. Request non-binding offer here