For most organisations, data is one of the most important and valuable resources that they hold. Organisations are now handling more data than ever before and, as a result of this increased usage, the challenges and risks associated with handling data have also increased. This has led to the field becoming increasingly regulated, often with a combination of industry-specific requirements and codes of practice, as well as national and international regulations. This area looks set to grow over the coming years, with further regulations currently being discussed by the European Union and a range of other local data protection laws expected to become effective in the near future.
One of the key requirements introduced by the recent legislative changes is the role of Data Protection Officer (DPO). Whilst not all organisations will require a DPO, for those that do, particularly small and medium-sized businesses, it can be an unnecessary burden. Many clients that we have worked with advise us of the challenge of appointing someone with the correct skills and experience. This often leads to organisations appointing someone within the organisation who doesn’t necessarily satisfy the requirements set out within Article 39 GDPR and Section 69 DPA 2018. This is a risky approach and leaves the business open to enforcement action from a supervisory authority. Failing to appoint a DPO (or failing to appoint an adequately qualified/experienced DPO) can leave an organisation exposed to a fine of up to €10M or 2% of global turnover (where this exceeds €10M).
Appointing an external organisation to act as your DPO has a number of benefits, some of which are set out below:
- Independent professional advice and guidance on privacy laws
- Experience and knowledge from a range of organisations and industries
- No need to pay for specialist training courses and CPD
- Rapid access to additional resources
- Range of on-site and off-site options
- Cost-effective
Our packages start at £349 per month and we will work with you to identify your organisational requirements. As standard, you will have an appointed person who is accessible by phone and email during business hours. Some of the other features our clients ask for are:
- Managing Data Subject Rights (DSR)
- Conducting audits and assessments
- Delivering staff training
- Working on policies and procedures
- Supporting with Data Protection Impact Assessments
- Advising on appropriate lawful bases
- Managing communications and engagement with regulatory authorities
- Supporting with data breaches
- Proactive engagement with your business
- Implementing privacy tool automation
We can provide DPO as a service on a short-term basis (for example, where your existing DPO is out of the office on annual leave), on a medium-term basis (where you need support with a specific project or whilst you recruit a permanent DPO), or on a long-term basis. Our offering is fully customisable to ensure that your organisation gets the maximum benefit.