Nationwide · 16 federal states

DPO mandates, placed locally.

Availability under Art. 38 GDPR does not require a local presence. But regional proximity saves travel time for on-site audits and makes coordination with the relevant supervisory authority smoother.

Choose a location Request directly

10: cities listed
16: federal states
9: supervisory authorities

Current coverage

live

Further cities on request. Nationwide availability via the partner network across all 16 federal states.

By region

Choose your city, we match from the regional network.

NORD · 3 cities

Northern Germany

Hanseatic cities, logistics, insurers.

Hamburg · Bremen · Lower Saxony · Schleswig-Holstein · Mecklenburg-Western Pomerania

Bremen

Logistics & PortsMaritime Industry+3

LfDI Bremen

Hamburg

Logistics & PortMedia & Publishing+3

HmbBfDI

Hannover

Niedersachsen

InsuranceMechanical Engineering & Industry+3

LfD Niedersachsen

WEST · 3 cities

Western Germany

Banks, advertising, industry.

North Rhine-Westphalia · Hesse · Rhineland-Palatinate · Saarland

Düsseldorf

Nordrhein-Westfalen

Advertising & MarketingFashion & Consumer Goods+3

LDI NRW

Frankfurt

Hessen

Banks & Financial ServicesInsurance+3

HBDI

Köln

Nordrhein-Westfalen

InsuranceMedia & Publishing+3

LDI NRW

SUED · 2 cities

Southern Germany

Tech, pharma, mechanical engineering.

Bavaria · Baden-Württemberg

München

Bayern

Tech & SaaSPharma & Biotech+3

BayLDA

Stuttgart

Baden-Württemberg

AutomotiveMechanical Engineering+3

LfDI Baden-Württemberg

OST · 2 cities

Eastern Germany

Startups, automotive, new industry.

Berlin · Brandenburg · Saxony · Saxony-Anhalt · Thuringia

Berlin

Startups & SaaSE-commerce+3

BlnBDI

Leipzig

Sachsen

Automotive (BMW, Porsche)Logistics (DHL hub)+3

SDB

Why match regionally?

It isn't mandatory. It's practical anyway.

Art. 38 GDPR only requires availability, not a seat in the same federal state. Regional proximity is still a real lever, for three reasons:

On-site audits

For TISAX, ISO 27001 or VAG audits, the physical presence of the DPO is often useful. Regional partners don't travel 600 km for a single audit support day.

Relationship with the supervisory authority

State data protection authorities differ in their supervisory practice. DPOs with established communication with the relevant authority resolve cases faster, and without escalation.

Industry knowledge on the ground

Stuttgart mechanical engineering, Munich pharma, Frankfurt banking, Berlin startup stack, regional industry clusters need industry experience.

Request an external Data Protection Officer (DPO)

We match you with a certified DPO from the Kopexa partner network, matched to your industry, location and language. Response within one business day.

A partner network, not a lone consultant

Access to certified DPOs with a range of industry specializations.

Complete GRC suite in the Pro plan

Kopexa Pro (599 EUR/month): unlimited frameworks, OSCAL support, vendor and asset management, cross-framework mapping, audit & assessments. Not just DPO tooling.

Transparent flat-rate pricing

DPO flat rate and platform license shown separately. No hidden tool costs.

External Data Protection Officer (DPO)

Overview: what an external DPO does, when one is mandatory and how the Kopexa partner network places them.

Cost & packages

Pricing models for external DPOs compared: hourly fee, monthly flat rate, packages by company size.

Check your obligation

Does your company need a DPO? Interactive checker based on Section 38 BDSG and Art. 37 GDPR.