The Outsourced Data Protection Officer (DPO) service is designed to satisfy an organisation’s legal responsibility to designate a DPO, whether that be mandatory or voluntary.
If you are lawfully required to appoint a DPO, or choose to appoint one voluntarily – consider an outsourced Data Protection Officer arrangement.
We are an established data protection and information security consultancy with international experience, our team are involved in outsourced DPO responsibilities across different business sectors and provide invaluable expert advice.
Under business as usual (BAU) the Outsourced DPO undertakes or commissions the following tasks:
- reviewing documentation (e.g. policies and procedures)
- attending client sites to monitoring work practice compliance
- providing training/raising awareness about data protection issues/priorities
- undertaking or advising on DPIAs, security incident investigations, or rights requests
- advising on processor contracts and sharing agreements
- undertaking periodic data compliance audits
- submitting periodic compliance assurance reports to senior management
- liaison with and representing the client to the ICO and data subjects
- testing information security controls
The DPO will also maintain or check the maintenance of:
- information asset registers
- appropriate privacy information
- personal data breach logs
- data subject rights request logs
- information risk register
- other elements of the information governance framework
Providing we can undertake the function of a Data Protection Officer as envisaged by the law, we will work with you to design an appropriate outsourced DPO service that meets your operational needs, your budget, and ensures you remain within the law with regard to the role and responsibilities of the DPO.
Our account support team in Leeds will send to you, at the end of every month, a statement of the time expended on the provision of the outsourced DPO service making for transparency and accountability.
Click here to discuss how we can help you with outsourcing a DPO.
Send us a Message
Age Appropriate Design
The Age Appropriate Design Code of Practice (AADCOP) is an extension of the Data Protection Act 2018 that affects providers of information society services (services... Read More
GDPR Radio – News & Views
Tune-in and listen to our latest episode of GDPR Radio! 🎙️ GDPR Radio is a series of events run by the DPP. It is a... Read More
PECR: Direct Marketing
The Direct Marketing guidance in the Privacy and Electronic Communications Regulations (PECR) is 58 pages long and can be found on the ICO website. Alternatively, if you... Read More
Recent Cyber-Attack On Council’s: The Impact On Privacy Within Education Explained
Several schools across Bristol have been left without access to their computers and essential personal data – after being targeted by cybercriminals. A spokesperson for... Read More
GDPR Radio – News & Views
Click the link below to listen to our 3rd ever episode of GDPR Radio! GDPR Radio is a new series of events from the DPP.... Read More
Click the link below to listen to our second ever episode of GDPR Radio! GDPR Radio is a new series of events from the DPP.... Read More