DataLaws DPO as a Service

Now that the General Data Protection Regulation (GDPR) has come into effect, many organisations are required to appoint a Data Protection Officer (DPO).
Article 37 of the GDPR makes it mandatory to appoint a DPO for all public authorities and other organisations where the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data”.
The role of the DPO involves many complex and diverse tasks and it is recognised that the talent pool for this role is scarce. This makes the task of employing a suitable DPO challenging, time consuming and expensive.
The GDPR outlines the following tasks a DPO is expected to perform as part of their role.

  • Serving as a point of contact for data subjects and supervisory authorities
  • Raising awareness within the organisation of data processing requirements under the GDPR and other relevant and applicable data protection and privacy laws
  • Monitoring the organisation’s compliance with the GDPR
  • Monitoring data privacy risks arising from the organisation’s activities
  • Ensuring staff are trained and aware of data processing requirements
  • Conducting data protection and privacy impact assessments (DPIA)
  • Maintaining records of processing (RoDP)
  • Undertaking data security and processing audits

The GDPR permits organisations to appoint an external DPO on a service contract basis. To that end, DataLaws has created its Data Protection Office as a Service offering for clients who do not want to employ an internal DPO or who are finding it difficult to recruit the right person to fulfil the role.

DataLaws DPO as a service offers the following:

  • Advice and Consultation on Data Protection and Privacy Related Compliance Issues
  • GDPR/Data Protection Act 2018 and Privacy of Electronic Communications Gap analysis and report
  • DPO Target Operating Model (TOM)
  • 3rd Party Supplier Contract Review
  • Records of Processing Legal Bases Assessments and Maintenance
  • Data Privacy Impact Assessments
  • Data Protection and Privacy Risk Register Maintenance and Oversight
  • Data Protection & Privacy Policy and Procedure Review and Uplift
  • Data Breach Monitoring, Management and Reporting
  • Subject Right Requests and Responses
  • Data Protection and Privacy Awareness Training
  • Supervisory Authority Query Responses
  • Advice on Technical and Organisational Requirements to Reduce and Mitigate Personal Data Loss
  • Overseas Data Transfer Requirements
  • Fair Process Notice Wording Assessment
  • Cookie Banner Wording Review
  • Senior Executive and Board Meeting Briefings

DataLaws offers the following DPO as a Service Models:

  • Interim Onsite: This model is suitable for organisations who need an individual on site to assist with both strategic and BAU Data Protection and Privacy related activities. We recommend this model for organisations who are developing their Data Protection and Privacy Frameworks from scratch. This model will also suit organisations whose data protection officers are leaving and who, as a result, require handover to an individual with DPO experience prior to employing a successor.
  • Off-site: This model is suitable for organisations who prefer long-term or ad-hoc DPO services. DataLaws provides you with an experienced DPO as required by your needs. This model is designed to save you costs as well as allow you to develop a long-term strategic DPO target operating model suitable to your organisation's business strategy and data subject risk profile.