eco External Data Protection Officer

Our “eco External Data Protection Officer” service is specifically designed to offer small and medium-sized member companies support from eco’s experts in data protection. Our aim is to help companies continuously adapt their business processes to ever-changing data protection requirements. This includes, among other things, assistance with the introduction of new processing procedures as well as the organisation of workshops to sensitise employees to data protection issues.

Advantages of an External Data Protection Officer

Companies from the telecommunications and Internet industry are a particular focus of data protection authorities, as data processing in these sectors is associated with significant risks. A number of member companies have therefore decided to avail of the eco External Data Protection Officer service. This not only allows them to conserve internal resources and avoid potential conflicts of interest, but also to outsource existing liability risks.

In 2025, eco’s data protection experts continued to support subscribers to the service in implementing current regulatory developments in data protection.

Implementation of Regulatory Developments – Focus on AI

A key focus was on the implementation of the EU AI Regulation (AI Act), the requirements of which are now gradually coming into force. Companies must, in particular, carry out risk classifications of their AI systems, fulfil transparency obligations, establish internal control mechanisms and expand their documentation processes. eco’s External Data Protection Officers provided support in evaluating existing and planned AI applications from a data protection perspective, accompanied the adaptation of internal compliance structures and worked towards establishing compliant and data protection-compliant use cases.

International Data Transfers and Third-Country References

In 2025, international data transfers remained a central focus of European data protection supervisory authorities. Companies were required to ensure that transfers to third countries – particularly in connection with the use of global cloud and AI services – were legally compliant and continuously reviewed. The existing guidelines of the European Data Protection Board on international data transfers, as well as on Transfer Impact Assessments (TIA) and supplementary safeguards, remained decisive. eco’s External Data Protection Officers supported the evaluation of existing service provider structures and the adjustment of contracts and transfer mechanisms.

Data Protection Organisation and Governance

Another focus was on the further development of internal data protection management systems. eco’s External Data Protection Officers provided support in:

• updating records of processing activities
• conducting and updating data protection impact assessments
• reviewing technical and organisational measures
• drafting data protection-compliant data processing agreements
• internal training and awareness-raising measures