Our External Data Protection Officer Service
The GDPR recognises the DPO as a key player in facilitating regulatory compliance, with their appointment mandatory for all public authorities and many private organisations.
Even where the GDPR does not specifically require the appointment of a DPO, it is highly encouraged as a matter of good practice and to demonstrate compliance.
Many organisations, particularly smaller ones, may find that the DPO responsibilities are a challenge to deliver, given the breadth of knowledge required on data processing and data security operations, and the requisite familiarity with the legal aspects of the GDPR.
The Regulation allows organisations to outsource the DPO role to an external provider. With a shortage of individuals trained to handle DPO responsibilities, outsourcing these tasks and duties can help your organisation to address the compliance demands of the GDPR while staying focused on your core business activities.
Benefits of an external DPO
- Practical and cost-effective solution to achieve GDPR compliance.
- Access to independent DPO expertise not available internally.
- No conflict of interest between the DPO and other business activities.
- Application of best practice in achieving and maintaining compliance with the GDPR.
- Cost-effective compared to an internal appointment.
- Access to GDPR training and compliance solutions.
Services we provide as your external DPO
The services listed below are those we provide as your external DPO. We may vary this list from time to time but will always give you 30 days' notice of any changes.
- Dedicated support from a DPO team with over 50 years' collective experience of data security (and, importantly, 18 months' experience of GDPR)
As part of our remote DPO service, you have full access to our team of GDPR consultants who collectively have 50 years of experience in data security.
- GDPR GAP Analysis and Report
Within your first 30 days of membership, we will conduct a remote GDPR GAP analysis of your website and operations and provide you with a GAP report. The GAP report will detail actions we consider essential, actions we would recommend, and optional actions that you may wish to undertake (or commission us to do) but that are not essential.
- Facilitate GDPR Awareness Training
By appointing us as your remote DPO, you also gain access to our online training course, GDPR Made Simple. We would recommend that at least one member of your team completes this training programme as it will give you a good basis for understanding GDPR requirements.
- Oversee the establishment of a data subject access request register
It is important that you maintain a data subject access request register. We will provide you with a template for this.
- Oversee the establishment of a data breach register
It is vitally important that you maintain a data breach register. We will provide you with a template for this.
- Advise on the necessity of a data protection impact assessment
When you make changes to your processes, increase or reduce your headcount, or introduce new computer software, it may be necessary to conduct a data protection impact assessment. We will advise you on whether one is required for any changes you plan to implement. We will also review your data protection impact assessments if you conduct them yourself. Alternatively, we will conduct them on your behalf, in which case there will be an additional fee for each data protection impact assessment we undertake.
- Provide guidance in the event of a data breach
If you have a data breach, you should always record it in your data breach register (see 2.6 above). If a significant volume of data is concerned, or the data is unencrypted or in paper form, you should contact us for guidance on how to proceed.
- Serve as the contact point for data protection authorities for all GDPR issues
We will act as the conduit between yourselves and the Information Commissioner’s Office on all matters related to GDPR.
- Provide advice and guidance on responses to data access requests from data subjects
It can sometimes be difficult to know whether you have to respond to a data access request and, if you do, how much data you need to supply to the person making the request. We provide you with direct guidance on this, so please contact us regarding any data subject access requests which cause you concern.
- Monitor compliance with GDPR
We will assist you with information gathering to identify personal data processing activities, verify GDPR compliance of your processing activities and provide advice and guidance on GDPR compliance best practice.