The GDPR requires the appointment of a DPO (Data Protection Officer), i.e. a person responsible for the protection of personal data in cases where your company, by the nature of its activity:
A DPO is needed so that all processes for protecting personal data have a single owner (process owner), who coordinates the efforts of many departments and is responsible for it. In addition, a DPO will be able to help the organization in maintaining its GDPR compliance as:
It is good to have a competent DPO on staff, as:
However, there are very few competent DPOs available for hire. According to some estimates, in the EU alone, it is now necessary to hire more than 75,000 full-time DPOs. Trained specialists are sorely lacking even in Western Europe.
Therefore, domestic companies often appoint a member of their existing staff to act as a DPO, increasing the employee’s workload, as well as investing considerable time and money in GDPR training, such as our Data Privacy Professional course.
At the same time, there is always a risk that the DPO trained with your resources will leave you for another company, where s/he has been offered better conditions.
It is also common for an employee, assigned as a part-time DPO, to postpone personal data tasks to focus on her/ his main job in the company.
Let’s say an information security officer takes on the role of the company’s DPO. Most likely due to her/his main area of expertise, such DPO will be primarily concerned with technical measures related to information security, rather than informing data subjects about personal data collected by the company. And s/he will certainly not be able to correctly draft documents such as a privacy policy or a contract with a data processor.
A lawyer appointed as a Data Protection Officer, on the other hand, might handle the task of drafting necessary documents better but fail at implementing technical measures that s/he does not understand.
In accordance with the Regulation, the DPO function can be outsourced.
This is often the most profitable solution, as you get an experienced and competent specialist who is able to make GDPR related decisions quickly and can be held accountable for them.
What benefits will your company gain as a result?
Transfer personal and organizational responsibility for the GDPR related tasks to competent professionals and a specialized company:
And most importantly: our experts genuinely love and cherish their work, unlike the employee who has been assigned to deal with the GDPR, and for whom it is just “another headache”.
A DPO should be appointed, according to the Regulation for as long as the main activity of your company falls under Article 37 of the GDPR.
We conclude contracts for outsourcing this role for 1 or 2 years. And extend them as necessary.
Such a long period of time is necessary because our DPOs usually begin their work by bringing your company into compliance with the GDPR. This task alone can take several years, subject to the active cooperation of your staff. Therefore, we recommend that you order the “Full” service package.
Going forward, a DPO will be required for any changes in the company, such as a new project, process or branch, new employees or contractors. But her/his involvement may be lower, and fewer hours of work will be required.
Getting acquainted with the activities of your company and audit of the current situation. GDPR non-compliance analysis (gap-analysis).
Bringing your company to an acceptable level.
Maintaining the achieved level of compliance. Aligning emerging projects and processes.
Fill out the form and you will:
✓Be able to ask questions in the field of personal data protection.
✓ Find out if this product is suitable for your company or project.
✓ Get directions on cost, duration, and other details.
We will be happy to talk and schedule an online meeting with a privacy expert!
P.S. Seemed that none of the services listed on the site is suitable for you?
Describe your situation in the "Comment" field. We are very flexible and always offer customized solutions.