Direct call
Dragon Data Solutions Dragon Data Solutions DDS Logistics Software Dragon Data Solutions DDS Cloud Services Dragon Data Solutions DDS Data Protection Dragon Data Solutions DDS Archive

Protegas te et data
External data protection officer

External data protection officer

Your advantages through the external data protection officer

  • Certified expertise (TÜV certified)
  • Extensive know-how
  • Transparent cost structure
  • Low commitment of company resources
  • Termination possible at any time
    (Compared to the special protection against dismissal in the case of an internal data protection officer).

Our services for the implementation of the DSGVO

  • Level 1
    • Inventory of online services
    • Inventory of processing activities
    • Inventory of the IT system and its data security
  • Level 2
    • Establishment of a register of processing activities
    • Drawing up a catalogue of measures according to (target and must implement)
    • Draft contractual measures to ensure data protection

Notification of cooperation to the supervisory authority
(The data protection officer here becomes the contact point for the supervisory authority in questions related to the processing of personal data).

  • Level 3
    • Informing and advising data controllers and employees regarding their obligations under data protection law (in particular under DSGVO and "BDSG-Neu")
    • Monitoring compliance with data protection regulations

Data protection in the health sector

Data protection in the health sector

Personal data in the medical and health care sector
In no other industry is the processing of personal data as risky as in the medical and healthcare sectors.
With our years of experience in this sector, we accompany you in the legally compliant handling of your data and the legally compliant implementation of the GDPR.



Our trainings:

  • Employee training and awareness-raising in the area of data protection according to DSGVO
  • Data protection for employees in logistics
  • Data protection for healthcare workers
  • Data protection knowledge for managers

You can choose the form of the training yourself:

  • Training on site
  • Training in our training rooms
  • or via eLearning conveniently on your PC



Qualified data protection audits

With our team of IT and data protection experts, we conduct qualified data protection audits throughout Germany.

For further information, please do not hesitate to contact us at any time.



We publish two newsletters, the DDS Software Newsletter (contains all news about DDS Logistics, DDS Cloud + DDS Archive) and the DDS Data Protect Newsletter (contains everything about DDS data protection).

Interested in our newsletter? Click here for registration.


  • · Customer Service 05.04.2024

    New remote maintenance: "DDS - Rustdesk"

    A cyber security incident at the manufacturer Anydesk in February prompted us to actively warn our customers about the potential risks of the use of Anydesk. Due to what we consider to be inadequate communication with the manufacturer, we have replaced Anydesk in less than 2 weeks with a self-developed solution (based on Rustdesk).

    • · Independence from third-party manufacturers
    • · Switching servers are operated by DDS
    • · Location of all services in Germany
    • · Particularly high security thanks to closed user groups defined by DDS
    • · Encrypted communication

  • · Cloud 05.05.2024

    Update of the online server.

    The online servers receive additional features:
    Improved security:

    • · Authentication with 2 factors (MFA)
    • · Renewal of the firewall
    • · Enlarged backup memory
    • · Prevention of access from problematic third countries

    Improved performance:
    • · New hardware with data centre M2 storage
    • · More RAM and faster processors

  • · Data protection 23.06.2023

    Windows10 security updates

    As of now, Windows10 has only one version that will continue to receive security updates (22H2). We recommend all Windows 10 users to check their installed version and update if necessary.

  • · Logistics 02.05.2024

    Shipment tracking - new feature in DDS WebConnect Online

    Automated shipment tracking (e-mail dispatch on status change with link to status website) for predefined statuses from your in-house system. New feature in your customer portal now online.

  • · DDS 07.07.2023

    DDS research project in the field of AI + BMBF

    Dragon Data Solutions was already commissioned by the Federal Ministry of Education and Research with a research project in the field of AI in 2020. Now we are also allowed to "decorate" our services with the BSFZ-Seal.

  • · Data protection 17.04.2024

    Top GDPR fines

    • 75.000 € Company (Germany) - Sick notes in the e-mail distribution list
    • 145.000 € Consultancy firm (Spain) - Failure to encrypt a USB stick
    • 79.107.101 € Enel Energia S.p.A. (Italy) - Insufficient protection of a CRM system database
    • 10.000.000 € Uber Technologies Inc. and Uber B.V. (Netherland) - Violation of information obligations and data subject rights
    • 32.000.000 € AMAZON FRANCE LOGISTIQUE (France) - Disproportionate surveillance of employees

  • · Data protection 26.05.2023

    Whistleblower Protection Act - What companies must do now:

    Above all, companies with usually more than 50 employees are affected by the Whistleblower Protection Act ("HinSchG"). They will have to set up and operate internal whistleblowing units as of the entry into force in June 2023.



emerged from NWS GmbH (Laufach) we are a software company specialising in the development of logistics software. With our many years of experience in the logistics and IT security industry, we have an efficient answer to today's and tomorrow's requirements. In addition to the classic use of software, the services of Dragon Data Solutions GmbH also include the provision of a complete and secure IT infrastructure for transport service providers in the cloud.
Consulting services relating to data protection and the secure operation of an IT system are just as much a part of the portfolio of Dragon Data Solutions GmbH as specialised and individual consulting services relating to the integration of IT in logistics. as well as specialised and individual consulting services for the integration of IT in logistics.


Marcus G. Walker | Managing Directors | Axel Karl

Contact details



Do I have to appoint a data protection officer?

Pursuant to Section 38 (1) sentence 1 BDSG, in addition to Article 37 (1) b DSGVO, a data protection officer must be appointed by the controller and the processor. as well as the processor, insofar as they generally "permanently employ at least ten persons with the automated processing of personal data". processing of personal data".

„Where the controller or processor carries out processing operations subject to a data protection impact assessment pursuant to Article 35 of Regulation (EU) 2016/679, or process personal data on a business basis for the purpose of transfer, anonymised transfer or for the purposes of market research or opinion polling, they shall, irrespective of the number of persons involved in the processing, they shall appoint a data protection officer, irrespective of the number of persons involved in the processing.“

What is personal data?

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). The term "identifiable" also includes information that does not directly identify a person: For example, a customer number, For example, a customer number, a telephone number, an e-mail address or an IP address often allow the indirect identification of a natural person and are therefore considered to be in the same category as, for example, a direct name!

In practice, this definition means that, as a rule, every employee of a company who has a VDU workstation, processes personal data.

Liability for data protection breaches

With the entry into force of the GDPR on 25 May 2018, regulations on liability for data protection violations have also become legally effective:

  • Liability or right to material and immaterial damages (according to Art. 82 GDPR)
  • Fines of up to €20 million or 4% of the company's annual global turnover (under Art. 83 GDPR).
Breaches of duty in the area of data protection can make managing directors and board members personally liable for compensation. Compliance with the data protection regulations is, in the opinion of the European legislator, one of the central tasks of the management. It is the strict standard of care of the general clause of § 43 GmbHG and § 93 para. 2 AktG. A managing director may therefore not plead therefore not be able to claim that he does not have sufficient knowledge or skills or that he has delegated the tasks. Rather, it is the Rather, it is the duty of the managing director to inform himself comprehensively about data protection law or to seek advice and to monitor compliance with the rules in the company on an ongoing basis.

In case of violation of these duties, the liability of the management is therefore also threatened with his/her private assets!

The so-called double opt-in procedure

If you want to send newsletters and advertising mails, you need the explicit consent of the recipients. The double opt-in procedure requires that you have this consent confirmed again.
This is what you have to bear in mind with E-MAIL-MARKETING:
  • The recipient must actively agree (opt-in)
  • The recipient must confirm their consent a second time by validating their data (double opt-in)
  • A confirmation email must not contain advertising
  • Recipients must be able to unsubscribe at any time
Get recipients to actively agree
The recipients of your newsletters must tick the box themselves or otherwise actively consent to receiving newsletters. Consent must be completely voluntary and must not be given under pressure or coercion. An order in the online shop must, for example be possible without a newsletter subscription.

Have your consent confirmed (double opt-in)
If the recipient has agreed to receive newsletters, you must actively confirm the consent via an email with a confirmation link.
Save the consents so that you can prove them in court
You should be able to collect and present the following information to a court:
  • What did the text look like to which the recipient gave consent?
  • What did the confirmation email look like?
  • Date and time of the click on the confirmation link
  • If easily possible: IP address used to click the confirmation link
Recipients must be able to unsubscribe from the newsletter at any time
Put a revocation link in every newsletter you send out. Newsletter recipients can revoke their consent at any time via this link.

Pre-filled checkboxes are no longer permitted!

BGH ruling on cookie guidelines

Now there is clarity about the correct design of a cookie consent
Rulings on the use of cookies: First the ruling from the ECJ then the ruling from the BGH on 28 May 2020 (I ZR 7/16): In fact, there is now clarity about the correct design of a cookie consent ('cookie banner').

This is what your cookie banner should look like:
The ECJ and now also the BGH have decided that the user must actively consent before cookies are used. A "click OK to continue" banner without a decision option for consent is not sufficient! Even a preselected checkbox is not (any longer) permitted.
The user must be able to actively choose his consent and achieve it just as easily as a rejection!
In summary:
  • You need - especially for tracking cookies as well as tools and plug-ins that set cookies - a real (selectable or deselectable) consent of the users of your website.
  • A button "OK - I accept all cookies" or a cookie banner with a pre-selected checkbox is not enough!
  • The cookie banner must also actually block your cookies as long as the user has not consented.