Your remote DPO Service
Trust
We will act as your named Data Protection Officer in order to support both internal and external queries.
Support
We will provide guidance and support should any breaches occur, including liaison with the Information Commissioner's Office (ICO).
Reassurance
We will provide subject matter knowledge to support your projects and initiatives either through DPIAs or ad-hoc queries.
Outsourced Data Protection Officer (DPO):
What are the requirements of the DPO role?
- Review and provide guidance on privacy policies, procedures and documentation relating to the processing of personal data (GDPR Article 39(1)(a))
- Oversee the establishment and maintenance of the personal data processing register (the Article 30 record) (GDPR Article 39(1)(a))
- Advise on the necessity for a DPIA, the manner of its implementation and outcomes (GDPR Article 39(1)(c))
- Provide guidance on data breach monitoring, management, and reporting (Article 39(1)(a))
- Serve as the contact point for data protection authorities for all data protection issues (Article 39(1)(d) and (e)).
- Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, data portability) (Article 38(4)).
- Facilitate GDPR awareness training and the training of staff involved in data processing operations.
- Monitor compliance with the GDPR (Article 39(1)(b))
What you'll get as part of the service:
As part of the service we will:
- act as the named Data Protection Officer for your organisation
- respond to queries from the ICO, staff or your customers with regard to Data Protection
- attend any key management meetings to provide an update/report on Data Protection compliance
- maintain your registration with the Information Commissioner (ICO) (however you remain liable for payment of the fee)
- recommend trusted suppliers of any ‘EU representative’ services you may need for any EU related services
As part of the service we will:
- provide you with a report (annually) on the current status of your Data Protection framework
- support you with annual reviews of the framework
- report quarterly on the number of DPIAs, incidents, breaches, complaints etc
- agree with you a set of KPIs and KRIs to be reported on at an agreed period
As part of the service we will work with you to establish a compliance framework that covers all aspects of this service and includes template documents such as DPIAs. The full list includes:
- Template DPIA and procedure
- Template privacy notice structures
- Template policies and procedures
- Template ROPA & IAR
- Template incident reports and procedures
- Template rights procedure and response letters
We’ll also use this framework to track progress, align risks and highlight areas for development.
As part of the service we will:
- Provide advice and guidance to staff on general queries within an agreed timeframe
- Act as the Data Protection SME for reviews of Data Protection Impact Assessments (DPIAs)
- Provide basic advice and guidance on any projects and initiatives (larger projects may require separate hours and rates)
- Support the organisation with raising awareness and culture change with advice and guidance on content and key messages to promote
- Support the mapping of Data Processing activities so they are recorded in a central record of processing activities (ROPA) register
As part of the service we will:
- Act as the DPO for any incidents requiring DPO review and analysis
- Provide you with an assessment of actions needed for any incident, including advice on reporting any breaches to the ICO
- Act as the point of contact for the ICO where agreed
- Provide key leadership figures with any updates and advice/guidance on any breaches
- Provide ‘lessons learned’ and reflective knowledge sharing post incident
As part of the service we will:
- Support your staff in the collating and handling of any rights requests
- Advise on appropriate exemptions, their practical application and other steps needed to successfully handle the request
- Act as the complaints officer for any complaints made about rights requests
- Provide template wording and procedures for handling rights requests
As part of the service we will:
- handle any complaints made about how the organisation handles personal data
- handle any complaints made about how the organisation handles rights requests
- handle any complaints made to the Information Commissioner about the above
- provide template wording and a procedure for handling complaints
As part of the service we will:
- provide staff with annual awareness training on Data Protection
- provide specialist training for key roles where agreed
- get involved in general awareness and guidance programmes
- support the growth of a data-aware culture
- provide guides, stories and other materials to support culture and key skills
Costs & Pricing:
Micro
1-10 employees
- Tailored DPO Service
- Approx 14 hours support a month
- Off the shelf templates
Small
11-250 employees
- Standard DPO Service
- Approx 28 hours support a month
- Off the shelf templates
- Starting audit which is developed into a forward action plan and access to templates
Medium
251-500 employees
- Standard DPO Service
- Approx 42 hours support a month
- Off the shelf templates
- Starting audit which is developed into a forward action plan and access to templates
- Additional Board reporting, training and access to software discounts
Corporate
501+ employees
- Standard DPO Service
- Approx 42 hours support a month
- Off the shelf templates customised to match your brand and style
- Starting audit which is developed into a forward action plan and access to templates
- Additional Board reporting, training and access to software discounts
- Tailored services based on your needs