Write email

Who is responsible?

Author: Niklas Drexler
Last updated: 03.07.2023
Category: Data Security

Who is responsible for handling personal data? This is a recurring question in day-to-day consultancy. No one likes to take responsibility, especially for things that are difficult to understand, especially if they don't see the need for it. But it is an easy question to answer. It is always and in all cases the CEO, the board or a similar body that is responsible for ensuring compliance with data protection laws. This is true even if they have appointed an internal or external Data Protection Officer (DPO). The DPO will advise, review and monitor the necessary measures.

The DPO is the point of contact for employees, customers and authorities in the event of a data breach. The DPO is not responsible for implementing the measures within the company, as he or she does not have the authority or resources to do so. Ultimate responsibility always lies with senior management. Management is subject to sanctions and liability and must be able to assess the effectiveness of all measures. Therefore, anyone who believes that simply appointing a DPO will protect them from sanctions is sadly mistaken.

Viele Finger zeigen auf einen Geschäftsmann — © photoschmidt / stock.adobe.com | #189837264

More information on this subject can be found here.

Back to the news overview

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.

Group	essential
Name	Matomo
Technical name
Provider
Expire in days	72
Privacy policy
Use	Use without cookies
Allowed
Group	external media
Name	Calendly
Technical name	__cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy
Use	To arrange appointments via the provider Calendly
Allowed
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed