DPO as a service
Looking to engage a Data Protection Officer (DPO)?
We provide Data Protection Officers to all sizes and types of organisations. Engaging one of our skilled and experienced professionals is a pragmatic and cost-effective solution.
What do we do?
Our skilled and experienced Data Protection Officers (DPO’s) can fully assess your current level of compliance with UK GDPR (Data Protection Act 2018). Your DPO will derive a privacy by design plan with a list of actions that your organisation needs to take to ensure you are UK GDPR compliant.
Use our DPO Self Assessment Tool to see if you need one for your organisation. Note – click here if you are looking for an EU or UK Representative.
Every organisation needs to be UK GDPR compliant, but not everyone knows exactly what this means.
Our DPO as a service allows you to understand where you are at the moment, and helps you take the steps you need to be fully compliant with UK GDPR.
EU GDPR and UK GDPR requires many organisations to have a Data Protection Officer (DPO).
This legal requirement is very difficult to adhere to as the person undertaking the role must have no conflict of interest with other roles in the business e.g. owner, executive, head of function etc.
The DPO also has to be appropriately trained and experienced. Outsourcing this to Data Privacy Services is a more cost effective and pragmatic option.
The responsibilities of the DPO are not something that organisations can decide on their own. The legislation has specific requirements regarding the role of the DPO. For example:
- Monitoring the organisation’s overall UK GDPR compliance.
- Ensuring that data protection incidents are handled in accordance with the legislation.
- Managing Data Subject Access Requests (DSAR’s).
- Monitoring and advising on data protection awareness training.
- Oversee training of staff involved in data processing operations.
- Advising on Data Protection Impact Assessments, their implementation and outcomes.
- Serving as the point of contact with data protection authorities.
The DPO role is a senior role within the organisation. It cannot be carried out by someone who has a conflict of interest, who isn’t sufficiently trained and who isn’t experienced enough to undertake the role.
There are many proven benefits of outsourcing the DPO role, whether or not you have a legal requirement to appoint a DPO.
Best practice in data protection means that your organisation should have a skilled and experienced DPO in place. If you process Special Category data (e.g. health data) then you have a confirmed legal requirement to appoint a DPO.
Outsourcing is the more cost effective and pragmatic option rather than recruiting an internal staff member to do this role. This is mainly due to the conflict of interest requirement but also outsourcing is significantly cheaper.
Having DPO can assist you to win more business, avoid regulatory penalties and basically support the overall compliance requirements relating to data protection and information security legislation.
Onboarding is easy
Onboarding Data Privacy Services as your Data Protection Officer (DPO) is not a difficult task.
We like to keep it as simple as possible, it normally takes no longer than a week to assign us as your DPO and for us to get started with our compliance related activities.
Once onboarded, our role is to quickly get a solid understanding of your current compliance status and to establish a plan for resolving any gaps.
The first activity that we undertake for new clients is a data protection audit.
It is important that we fully understand the level of existing compliance so that we can establish a plan for bridging any gaps.
The audit doesn’t take that long and it gives you a better understanding of the legal requirements and what needs to be done to comply with the legislation.
All organisations that process personal data are required to have prepared a data protection incident management plan.
This plan needs to document how the organisation intends to comply with the legal requirements to manage such incidents including the need to report incident to the regulator.
Data Privacy Services offers all of their DPO customers access to their online Customer Portal.
This portal allows customers to raise support requests and to track their progress throughout the lifecycle of the request.
All prices are exclusive of VAT.
Entry level service. This allows you to nominate one of our experienced and qualified team members as your organisation’s registered DPO with the Information Commissioner.
Basic level service. This is for small organisations, and provides you with up to 2 hours of dedicated DPO time per month including a monthly meeting to manage the privacy by design plan.
This is the most popular level of service, for small and medium-sized organisations. Provides up to 4 hours of dedicated DPO time per month including monthly meeting.
Enhanced level of service. This is for medium to large-sized organisations, and provides you with up to 8 hours of dedicated DPO time per month and a monthly meeting.
Premium service levels. This is for larger organisations, and provides you with up to 12 hours of dedicated DPO time per month, and a monthly meeting.
Custom service level. This is normally for larger organisations, and provides you with a dedicated DPO resource for whatever specified tasks and time-scale is required.
A DPO you can trust
DPO as a Service - Keep your management team updated
Your appointed Data Protection Officer will meet with you on a regular basis (level 2 and above) to review compliance activities and provide you with meeting minutes that can be used as evidence of Compliance management should the need arise. This includes reviewing actions with the privacy by design plan that we establish on your behalf.
We will to fully integrate our services into your organisation, so that we can mutually progress towards implementing ‘privacy by design’. With this in mind, we typically like to work with our clients for at least twelve months. However, most of our clients tend to stay with us for much longer and our retention rate is above 90%.
All the advice and support you need
We provide advice, guidance and support for all of your data protection issues
We can provide regular advice and guidance by telephone and email, as and when you require it. We always try to provide you with the answer you need within 24 hours of initial contact. This includes dealing with enquiries from new and potential customers, as well as assisting with bid management processes. Our dedicated ‘Customer Portal’ is an ideal way of ensuring that your requirements are tracked and dealt with in a timely manner.
Our DPOs are heavily involved in providing initial guidance on breaches of data protection and also the handling of Data Subject Access Requests (DSARs). Depending on the level of service you have chosen, we often take full accountability for managing these issues within your organisation.