Service

DataLaws Training DPO as a Service

Now that many African countries have enacted their data protection and or privacy laws a number make it mandatory to appointment a DPO for all public authorities and other organisations where the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data”.

The role of the DPO involves many complex and diverse tasks and it is recognised that the talent pool for this role is scarce. This makes the task of employing a suitable DPO challenging, time consuming and expensive.
These laws outline the following tasks a DPO is expected to perform as part of their role.

  • Serving as a point of contact for data subjects and supervisory authorities
  • Raising awareness within the organisation of data processing requirements and other relevant and applicable data protection and privacy laws
  • Monitoring the organisation’s compliance with the law
  • Monitoring data privacy risks arising from the organisation’s activities
  • Ensuring staff are trained and aware of data processing requirements
  • Conducting data protection and privacy impact assessments (DPIA)
  • Maintaining records of processing (RoDP) (ROPA)
  • Undertake data security and processing audits

Majority of these laws permit organisations to appoint an external DPO based on a service contract basis, to that end, DataLaws Training has created its Data Protection Office as a Service offering to clients who do not want to employ an internal DPO or who are finding it difficult to recruit the right person to fulfil the role.

DataLaws DPO as a service offers the following:

  • Advice and Consultation on Data Protection and Privacy Related Compliance Issues
  • Data Protection Gap analysis and report
  • DPO Target Operating Model (TOM)
  • 3rd Party Supplier Contract Review
  • Records of Processing Legal Bases Assessments and Maintenance
  • Data Privacy Impact Assessments
  • Data Protection and Privacy Risk Register Maintenance and Oversight
  • Data Protection & Privacy Policy and Procedure Review and Uplift
  • Data Breach Monitoring, Management and Reporting
  • Subject Right Requests and Responses
  • Data Protection and Privacy Awareness Training
  • Supervisory Authority Query Responses
  • Advice on Technical and Organisational Requirements to Reduce and Mitigate Personal Data Loss
  • Overseas Data Transfer Requirements
  • Fair Process Notice Wording Assessment
  • Cookie Banner Wording Review
  • Senior Executive and Board Meeting Briefings

DataLaws offers the following DPO as a Service Models:

  • Remote Off-site: This model is suitable for organisations who prefer long term or ad-hoc DPO services. DataLaws provides you with an experienced DPO as required by your needs. This model is designed to save you costs as well as allow you to develop long term strategic DPO target operating model suitable to your organisations business strategy and data subject risk profile.