‘Data Protection Officer’ as a Service

DPO Services tailored to your exact requirements.

Not all companies require or can justify the expense of a full-time dedicated DPO, hence the popularity of using an external provider willing to tailor their service to your specific needs. Depending on your current situation, business area and number of employees, a bought-in DPO service for 1/2 – 5 days pcm could ensure that your GDPR business risks are understood and managed to minimise compliance risks.

“Mike did a great business analysis job for us (magic circle law firm) on GDPR, a very calm and competent individual”. – Jayne Adams, Senior Business Consultant, Clifford Chance LLP, Canary Wharf.

The DPO Services we provide can include:

  • Management of, and advice on, the gathering, processing and storing of personal data.
  • Review and advise on policies and procedure documents.
  • Advising on or running data protection impact assessments (DPIAs) to quantify the risks of current practices or business change.
  • Conducting periodic data mapping exercises and compliance audits.
  • Conducting security event/incident investigations.
  • Liaising with regulatory bodies in the event of a data breach.
  • Action or advise on data subject rights requests.
  • Advice, guidance and training on GDPR compliance.
  • Advise on processor contracts and sharing agreements.
  • Creation of periodic compliance assurance reports to senior management.
  • Tests of information security controls.

The DPO Service might also include the maintenance of, or confirmation of the maintenance of:

  • Information Asset Registers.
  • Controller or Processor Documentation to prove accountability.
  • Personal Data Breach logs.
  • Data Subject Rights Request logs.
  • Personal Information Risk Register.
  • Other appropriate privacy information.
  • Any other elements of the information governance framework.