External Data Protection Officer

Information about the GDPR

The General Data Protection Regulation (full title: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of persons and repealing Directive 95/46 / EC) is the basis of general data protection law in the EU and thus also in Austria (as well as Germany, France, Slovenia, Romania, and Great Britain applicable from 25 May 2018.

All relevant processing activities must comply with applicable law. Any company that processes personal data in whichever way (for example, keeping a customer file, issuing invoices, storing supplier data) is affected. This results in significant changes for companies.

Who needs a DPO?

An obligation to appoint a data protection officer is provided for companies only if:

  • The core activity consists of processing operations which, by their nature, scope and / or purpose, require extensive regular and systematic monitoring of data subjects on a large scale (e.g. banks, insurance companies, credit bureaus and professional detectives).

  • the company’s core activity consists of the processing on a large scale of sensitive data or data relating to criminal convictions or offences (e.g. hospitals).

A voluntary appointment of a data protection officer is possible at any time.

Why an external DPO?

The data protection officer must not be subject to conflicts of interest. If an employee is appointed as data protection officer, however, he / she shall not continue to be responsible for tasks, which might result in a conflict of interest with a data protection officer’s responsibilities or assume such tasks in addition to acting as data protection officer.

Engaging RBS means that you avoid any internal risks and, at the same, comply with all legal requirements.

As your external data protection officer, we advise you and your company on all data protection issues, ensuring ongoing compliance with legal standards, adapting procedures to the requirements of new laws and taking into account current changes in internal processes within your company.

Our service as DPO

  • Informing and advising entrepreneurs and employees on their obligations under data protection law.

  • Monitoring and reviewing data protection compliance and privacy policies, including the allocation of responsibilities, awareness and training of employees.

  • Consultation – on request – in the context of the DPIA and monitoring its implementation.

  • Cooperation with the regulator and acting as relevant contact.

  • Management of the record of processing activities


Our offer is tailored to your needs. The starting point depends on the requirements of the individual company. In general, the costs are based on the required services.

Therefore, it is to our common benefit if we get to know the company structure in advance in order to be able to provide you with a specific and accurate offer.

We would be happy to send you a non-binding offer and inform you in detail about the required services and the corresponding costs.


Contact us:

Austria & EU Inquiries