Data Protection Officer as a Service

If you need to designate a DPO for your organisation, we can help. We offer cost effective Outsourced and Virtual DPO services, delivered by suitably experienced personnel.

You’ll get a lead DPO who’ll be supported by the wider team as required. There are no ‘call centre’ type operations, just real people who you’ll come to see as an extended member of your workforce.

Our DPO Services

Virtual DPO

Our Virtual DPO service provides you with a designated data protection officer who monitors and advises on compliance with GDPR / DPA18. We register ourselves as your DPO with the Information Commissioner’s Office and act as their point of contact for your organisation.

You get telephone and email access to our DPO service during normal working days up to an agreed number of hours each month. If you need extended hours coverage, we can arrange that as well.

Outsourced DPO

Our Outsourced DPO service provides you with a data protection officer that works as an extended member of your team, with committed time onsite. The service provides data protection program management in addition to monitoring and advising on compliance with GDPR / DPIA18 and PECR.

We register ourselves as your DPO with the Information Commissioner’s Office and act as their point of contact for your organisation. We’ll agree hours of coverage with you at the outset of our engagement.

Data Protection Manager

If you aren’t mandated to designate a DPO but need a suitably experienced person to lead your data protection programme still, we can provide you with an outsourced Data Protection Manager.

In much the same way as you might outsource HR, we can provide you with a Virtual Data Protection Manager or Consulting Data Protection Manager to take responsibility for your privacy programme. These services work in the same way as our DPO services.

Flexible Data Protection Resource

If your DPO or data protection manager needs additional support, access to a second opinion or extra pairs of hands during a busy period, we can help on a retained or pay as you go basis.

We can help with a full range of tasks including DPIAs, risk assessments, legitimate interests assessments, records of processing, subject rights requests, data processing agreements, customer questionnaires, supplier due diligence and more.

Our DPOs Can Assist With

Records of Processing
Privacy Notices
Data Protection Impact Assessments
Data Protection by Design
Privacy Programme Management
Data Mapping
Policy Creation
Risk Assessments
Data Processing Agreements
Data Breaches
Subject Rights & SARs
International Transfers
Legitimate Interests Assessments
Supply Chain Due Diligence
Processing Security
Marketing & PECR
Employee Awareness
Internal Auditing

Frequently Asked Questions

Do we need a DPO?

That depends on the nature of your organisation and your data processing activities.

The GDPR mandates the designation of a DPO where:

  • Processing is carried out by a public authority or body, except for courts acting in their judicial capacity;
  • The core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
  • The core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 of GDPR or personal data relating to criminal convictions and offences referred to in Article 10 of GDPR.

We can help you determine whether you need to designate a DPO or, if not, how you should manage your data protection obligations.

What will the DPO do?

First and foremost, your DPO will perform the tasks mandated by the GDPR at Article 39. These cover:

  • Informing and advising you and your employees on your GDPR and member state data protection obligations
  • Monitoring compliance with GDPR, member state data protection laws and with your data protection policies, including in relation to responsibilities, training, awareness and internal auditing
  • Advising on Data Protection Impact Assessments
  • Co-operating with data protection regulators on your behalf
  • Acting as your organisation’s contact point with data protection regulators

In addition, your DPO can manage your overall privacy programme and assist on the matters listed in the section immediately above.

Who will our DPO be?

You’ll get a named DPO and their contact details rather than just a generic telephone number. They will be backed by a wider team of specialists with skills and experience in data protection, e-privacy, information security, HR, IT and law.

Your DPO will want to understand your organisation and get to know your key personnel, your services and the types of customers you work with. They will also want to learn more about your culture, working practices and approach to compliance.

What does it cost?

Our DPO-as-a-Service packages start at £500 per month for 12 months. For that you’ll get telephone and email access to a virtual Data Protection Officer for an agreed number of hours each month during normal working hours.

It’s likely, though, that you’ll want a DPO service that’s tailored to your specific needs rather than a package. That’s how most of our clients prefer to work. If so, we’ll work with you to define a cost effective DPO service that works for you.

What hours will the DPO work?

Our DPOs can work or be on-call during the hours you need.

Most commonly, we provide DPO services during normal business hours, sometimes with on-call coverage out of hours.



Need a DPO?

Please get in touch. You can call us or request a call back using our contact form. We’d love to talk with you and promise no hard sell.

Get In Touch

Our other GDPR & Data Protection Services