Who needs a
data protection officer?


Read the answer

We and data protection

This page is a "first information" for authorities, companies, clubs, associations and other parties who are interessted in  data protection or rather IT security.

We have willfuly decided to provide the essential information as our business model is directed to recommendations and we experienced that a smart business information - like this page www.eedpo.com - is very helpful and time efficient after receiving an active recommendation. We have been growing our customer portfolio just by mouth to mouth by our clients since taking effect of the GDPR we are faced with a huge increase of requests.

A good provision of services contains "service, achievement and confidence". With the fulfilment of these 3 key points we compile our customers in future. Only satisfied customers stay customers and only satisfied customers recommend positiv. We are asking activly our customers if they are satisfied with our performance and if and where we may improve. We also animate our customers to recommend our business actively.


Therefore we do not have to spend amounts of money for advertisements - our costs stay reasonable and therefore our customer prices.

We do not sell - we consult. Doing so it is important to us having a fair and transparent commerce. We also do not offer by default packages or flat rates off-the-shelf but demand for apointment of an external data protection officer a economic reasonable montly amount for both parties. Any other services which are resulting of the GDPR obligations and appointment of the data protection officer are charge by hourly or daly rates. You have at any time cost overview and no hidden and surprising costs as in plenty of various market offers. If you like to have monthly flat rate for a fix budget forecast please feel free to get in contact - we will find a solution together.

EEDPO - External European Data Protection

Heiko Wolfenstädter

external european
data protection officer


Ute Wischgoll

external european
data protection officer


Certified by TÜV and CertEuropa

  • Data Protection Officer I Datenschutzbeauftragter DSB – TÜV
  • Data Protection Auditor I Datenschutzauditor DSA – TÜV
  • CISO I Information Security Officer (ISO/IEC 27001) – TÜV
  • ISA/ISLA I Information Security Auditor/Lead Auditor (ISO/IEC 27001) – TÜV
  • Controller of critical infrastructure business I Prüfer für Betreiber kritischer Betriebe KRITIS
  • Quality Management Officer I Qualitätsmanagement-Beauftragter QMB – TÜV
  • Profession and vocational pedagogic instructors acc. AEVO I Berufs- und arbeitspädagogische Ausbilder nach AEVO
  • Lean Six Sigma Blackbelt - CertEuropa

The certificates may be apprehended in regard to a business relationship. The same is applicable for requalification, perpetuation and extension of the experience in regard to a business relationsship.

Your requirements – Who needs a data protection officer?

Who needs a data protection officer?

A data protection officer is mandatory according article 37 GDPR for any company in which personal date are processed. Per definition this contains e. g. name, e-mail, bank account, location, etc.

For small enterprises there is an exception according to German law: Data protection officers have to be appointed if minimum 20 employees are  regulary working with personal data (§38 BDSG). But any employee counts - even if he is only once a week proceeding personal data or only part time working. Means as soon as more than 19 employees are on the payroll and they use mainly PC for their work ANY responsible should evaluate if he needs to apoint a data protection officer. Almost by any task whilst using a PC employees are getting in contact with personal data. Just by saving an e-mail address of a customer is processing personal data...

Responsibles have to take into account even if they are not obliged to appoint a data protection officer to follow accordingly the regulations and laws - they are not absolved of data protection laws. Either you appropirate the knowledge - or you get consultation. We cover any of these constellations - without regular appointment of a data protection officer - we consult you on demand. In this cases our terms are per hour or day - for more details please get in contact.


Independantly of number of persons a company needs in addition by law a Data Protection Officier in following situations:

  1. Processing of data for which a data protecton impact assessment is mandatory. Espescially for sensitve data or if there is a high risk for concerned persons in case of misuse of their data like data of ethical origin, sexual orientation, economic situation, religious believe or health (medic, physiotherapists, etc. may be counted without doubt). Also in case a company installs a surveillance system on factory premises those records are defined as sensitve data.
  2. A company transfer personal data to third party - like classical address trading - or processing for marketing or opinion research reasons.
  3. If the company was/is in conflict with GDPR the authority may request the apointment of a data protection officer.

As soon as you took a decision to go ahead or if you have been requested by authorities the process is as following:

  • Initial Meeting
  • Agreement of conditions
  • Audit
  • Audit report
  • Project plan
  • Transformation
  • Check

External Data Protection Officers from eedpo.com - be safe - we support you - assured!

Without IT security no digital data protection

Just with an effective IT security concept a data protection and the protection of major company data puts you in a position to protect data sustained. We cover both areas and consult you in one.

The combination of IT management and data protection management system is achieved at best if both systems are taken into account at the momtent of concept planning creation. In the ISMS we are a competent partner in introduction of ISO 27001. After successful certification thru an accredited authority you may use this activly as a proof of your IT security standard. Internatnioal rule - internationaly accepted.


We also do not underlie any conflicting interests. It is you who always decides with which IT provider you put your actions in place. If necessary we are in a very good postion and have a huge network to get assisted by national and internationl high skilled professionals. With the most of these professionals we allready worked  very successful in the past and gathered very good experiences.

We do not want to forget informing about that we support other internal and external data protection officers with our advise or as a sparrings partner.

Also we do appoint external CISO for compareable, fair and reasonable conditions like the external data protection officer – Support as a Service.