Skip to main content

Data protection officer service

We can act as your Data Protection advice and support service - either as your formal 'Data Protection Officer (DPO)' or as simply a lead on all Data Protection and Information Governance issues to support internal services. 

The Data Protection Officer support service is aimed for small and medium size organisations to support them either with their DPO appointment and statutory obligations, or to just support them in how they can manage and engage with Data Protection and Privacy requirements for their customers and/or staff. 


The service has some standard elements outlined below and will have any additional services added and tailored to your needs as part of our proposal. Get in touch for a tailored quote and proposal, it's cheaper than you think! 

  • Review and provide guidance on privacy policies, procedures and documentation relating to the processing of personal data (GDPR Article 39(1)(a))
  • Oversee the establishment and maintenance of the personal data processing register (the Article 30 record) (GDPR Article 39(1)(a))
  • Advise on the necessity for a DPIA, the manner of its implementation and outcomes (GDPR Article 39(1)(c))
  • Provide guidance on data breach monitoring, management, and reporting (Article 39(1)(a))
  • Serve as the contact point for data protection authorities for all data protection issues (Article 39(1)(d) and (e)).
  • Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, data portability) (Article 38(4)).
  • Facilitate GDPR awareness training and the training of staff involved in data processing operations.
  • Monitor compliance with the GDPR (Article 39(1)(b))

As part of the service we will:


  • act as the named Data Protection Officer for your organisation
  • respond to queries from the ICO, staff or your customers with regards to Data Protection
  • attend any key management meetings to provide an update/report on Data Protection compliance
  • maintain your registration with the Information Commissioner (ICO) (however you remain liable for payment of the fee)
  • recommend trusted suppliers of any ‘EU representative’ services you may need for any EU related services

As part of the service we will:


  • provide you with a report (annually) on the current status of your Data Protection framework
  • support you with annual reviews of the framework
  • report quarterly on the number of DPIAs, incidents, breaches, complaints etc
  • agree with you a set of KPI’s and KRI’s to be reported on at an agreed period

Includes all aspects of this service, template documents for things like DPIAs etc. The full list includes:


  • Template DPIA and procedure
  • Template privacy notice structures
  • Template policies and procedures
  • Template ROPA & IAR templates
  • Template incident reports and procedures
  • Template right procedure and response letters


We’ll also use this framework to track progress, aligns risks and highlight areas for development. 

As part of the service we will:


  • Provide advice and guidance to staff on general queries within an agreed timeframe
  • Act as the Data Protection SME for reviews of Data Protection Impact Assessments (DPIAs)
  • Provide basic advice and guidance on any projects and initiatives (larger projects may require separate hours and rates)
  • Support the organisation with raising awareness and culture change with advice and guidance on content and key messages to promote
  • Support in the mapping out of Data Processing activities to keep registered in a central records of processing activities register (ROPA)

As part of the service we will:


  • Act as the DPO for any incidents requiring DPO review and analysis
  • Provide you with an assessment of actions needed for any incident, including advice on reporting any breaches to the ICO
  • Acting as the point of contact for the ICO where agreed
  • Provide key leadership figures with any updates and advice/guidance on any breaches
  • Provide ‘lessons learned’ and reflective knowledge sharing post incident

As part of the service we will:


  • Support your staff in the collating and handling of any rights requests
  • Advise on appropriate exemptions, their practical application and other steps needed to successfully handle the request
  • Act as the complaints officer for any complaints made about rights requests
  • Provide template wording and procedures for handling rights requests

As part of the service we will;


  • handle any complaints made about how the organisation handles personal data
  • handle any complaints made about how the organisation handles rights requests
  • handle any complaints made to the Information Commissioner about the above
  • provide template wording and a procedure for handling complaints

As part of the service we will;


  • provide staff with annual awareness training on Data Protection
  • provide specialist training for key roles where agreed
  • get involved in general awareness and guidance programmes
  • support the growth of a data-aware culture
  • provide guides, stories and other materials to support culture and key skills

get in touch now for a tailored quote