Data Protection Officer as a Service

Although all UK organisations have to comply with the General Data Protection Regulation (GDPR), not every organisation is required to appoint a Data Protection Officer (DPO). Even so, you must designate someone to take responsibility for data protection compliance and assess where this role will sit within the organisation’s structure and governance arrangements.

Future-thinking organisations are choosing to appoint a DPO, even if it is not required, to help regulate their privacy and build a stronger foundation of trust with their customers.

The tasks required of the DPO are set out in the GDPR, which also allows organisations to appoint an external DPO based on a service contract. This means that we can act on your behalf as your DPO.

We shape our service for your organisation to help you meet the GDPR’s mandatory requirements:

Inform and advise you of your legal obligations regarding data protection and keep you up to date with information on:

  • The latest Data Protection practices
  • Changes in the law and consultations
  • Details of conferences and events held by the Information Commissioner’s Office (ICO)
  • Results of ICO enforcement action
  • Frequently asked questions

Monitor compliance with GDPR and with data protection policies and processes:

  • Initial DPO compliance assessment
  • Periodic re-assessments with reporting on progress and risk
  • Specific remediation advice

Provide training:

  • Induction training for new members of the team
  • Update training (as identified) for all team members
  • Annual competency assessment in Data Protection and Information Security

Provide advice on, and the infrastructure for, the management of data protection impact assessments (DPIAs) and, where requested, manage their performance at a discounted rate from our normal consultancy fees, i.e.:

  • Monitoring of risks identified
  • Advice for remediation and identified training
  • Periodic re-assessment as required

Be the primary point of contact for the ICO. Where additional work is required, this can be carried out at a discounted rate from our normal consultancy fees, i.e.:

  • DPIA requests
  • Data subject complaints
  • Working with ICO audits or inspections

Manage and monitor the processes for data subject rights requests:

  • Respond to subject access requests (SARs)
  • Co-ordinate deletion requests

Have regard to the risk associated with processing operations:

  • Design and organisation of “records of processing”
  • Access and maintenance of the Data Privacy Risk Register
  • Reporting and managing of identified risks

Along with the above, the service includes:

  • Rapid response telephone/e-mail support (subject to our fair use policy)

The cost of providing this service is spread over 12 months as follows:

Up to 2 personnel £100/month
3 to 10 personnel £230/month
11 to 20 personnel £250/month
21 to 30 personnel £270/month
31 to 40 personnel £290/month
41 to 50 personnel £310/month
Over 50 personnel Price on application

Please note that reasonable travelling expenses are not included.