Why outsource your Data Protection Officer?
Save money
Outsourcing data protection is cost-effective and saves on recruitment costs, overheads and holiday cover.
Qualified consultants
All our DPOs are qualified & certified GDPR practitioners, so you’re guaranteed to get expert support.
Technical expertise
Our DPOs work across many industries and sectors, so you’ll get a depth of experience to help your business.
Legal support
Bulletproof data protection officers are backed by privacy lawyers, ensuring our work always meets your legal requirements.
What is a data protection officer?
A Data Protection Officer (DPO) is an experienced data protection consultant who helps your business meet and maintain data protection regulations, as well as give advice and guidance on all data privacy matters. A DPO plays a crucial role in protecting personal data within your organisation, helping maintain GDPR compliance.
How can a DPO help?
A DPO consultant can help with all data protection related matters, including monitoring internal compliance, informing on data protection obligations, and acting as a contact point for the supervisory authority and data subjects. The responsibilities of a DPO include:
- ICO registration
- Data breach support and response (including liaison with the ICO)
- Breach response
- Data subject access request support (SAR)
- Policy and procedure support and advice
- UK GDPR Representation
- Data mapping support and advice
- Data Protection Impact Assessments (DPIAs)
- Assisting with customer questionnaires and due diligence
- General GDPR support
- Arranging GDPR staff training
Flexible outsourced DPO packages
Each of our DPO packages offers a flexible approach to virtual delivery – whether you prefer to communicate through calls, video conferences or emails, we’re here to help.
Additional hours/days can be purchased on an ad hoc basis.
| Small Business | Medium Business | Large Business | |
|---|---|---|---|
| Suitable for | Businesses with up to 20 employees | Businesses with 21-200 employees | Businesses with over 201 employees |
| Gap analysis required? |  |  | |
| DPO time | Typically 4 hours per month | Typically one day per month | Customised to suit your requirement |
| Kick-off call | | | |
| Monthly progress call | | | |
| GDPR training portal (beginners & advanced) | | | |
| Annual audit | | | |
| Price | From £595 /month (ex VAT) | From £995 /month (ex VAT) | £POA |
Note: A GDPR Gap analysis is required for medium and large businesses before the DPO service can commence.
Meet a Bulletproof Data Protection Officer
Ever since GDPR came into effect I'm often asked by people if their company needs a DPO. Whether you legally need one or not, appointing a DPO is a very good idea. In fact, the ICO recommends that every organisation, regardless of size, or type appoints a DPO. This is so that your organisation has someone authoritative who can look after all things data protection and, crucially, help manage your GDPR compliance.
Is a DPO mandatory?
A DPO is mandatory if your company is a public body, your core activities involve large-scale regular and systematic monitoring of individuals, or if your business processes special category data. If your organisation falls into any of these categories, you’re legally required to appoint a data protection officer.
Your expert data protection consultants
Our DPOs are certified GDPR practitioners and data privacy experts. We support organisations across a range of industry sectors, successfully guiding them through the complex responsibilities of data protection. With flexible packages at cost effective rates, you get the service your organisation needs to get ahead of your UK & EU GDPR obligations with an outsourced DPO.
Legal and technical expertise included
An outsourced DPO form Bulletproof can support your business beyond data protection. In addition to access to our certified data protection consultants, we also give access to robust information security guidance, supported by the award-winning IP law firm, HGF. Bulletproof provides a range of cyber security and compliance services, and your DPO can arrange preferential rates for whatever your business needs.
Here’s what our customers say about us
The Belron Group has over 18 million customers around the world, therefore data protection must be at the forefront of our operations. Bulletproof's team are clearly very experienced and their knowledge enabled us to cultivate a privacy-by-design model across our Autoglass brand. Their expertise has been invaluable in helping us protect our customers' personal data.
Choosing Bulletproof as our DPO gives us peace of mind that we’ve got a friendly, knowledgeable consultant to help us with our data protection obligations. With our international client base spanning 25 countries, it’s reassuring to know that we have global data privacy and data protection expertise on-tap.
Appointing Bulletproof as our Data Protection Officer was one of the best business decisions we have made. They have been first class from the tender process right through to the current day. Their guidance and support not only serve as a comfort blanket but has enabled us to grow the business at a rate that would not have been possible had we not partnered with them.
We’re proud to have achieved the highest rating possible for our first NHS DSP Toolkit submission, which is in part a result of the support and guidance we received from Bulletproof’s expert consultants. They provided us with greater confidence to complete our assessment accurately and on time.
Get a fast DPO quote
Let our team of qualified, experienced DPOs manage your data protection obligations
Outsourced Data Protection Officer FAQs
What does a data protection officer do?
A Data Protection Officer (DPO) is the person responsible for:
- Acting as the liaison between the company, the data subjects and regulatory bodies including the ICO
- Identifying and ensuring the delivery of training and awareness programmes for employees and contractors
- Complying with article 30 of GDPR
- Conducting regular audits to ensure compliance is maintained and ensuring policies and procedures are regularly reviewed and updated where required
- Overseeing/supervising Data Protection Impact Assessments (DPIAs)
- Managing a data breach
- Keeping up to date with the latest data privacy legislation and rulings by the EDPB and Supervisory Authorities
- Having an in-depth understanding of GDPR as well as information technology and data security
- Avoiding a conflict of interest
- Reporting to highest levels of management and autonomy
Find out more about what a DPO does in this article.
Why should we outsource our DPO?
Outsourcing data protection to a qualified data protection consultant is more cost-effective than an internal hire, as you only pay for the hours you need. Using a Data Protection Officer as a service can also help you to access a team of certified GDPR practitioners, data protection professionals and technical experts rather than relying on one employee to provide all the required expertise.
Who needs to appoint a Data Protection Officer?
The GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data. Although other organisations are not legally required to have a DPO, the ICO recommends every organisation appoints a DPO to comply with the GDPR, manage data protection and avoid fines.
Who does the GDPR apply to?
Any organisation that processes personal data must comply with the GDPR. “Processing” is a broad term that covers just about anything you can do with data: collection, storage, transmission, analysis, etc. “Personal data” is any information that relates to a person, such as names, email addresses, IP addresses, eye colour, political affiliation, and so on.
Can a DPO help with GDPR implementation?
We can include GDPR implementation as part of any of our outsourced DPO service packages. This usually involves extra time allocation while the GDPR implementation is being carried out. Once complete you can easily scale back DPO contact hours depending on the needs of your business.
Can we add time onto our DPO package?
You have the option to add more hours to an ongoing contract as and when you need them for large policy or procedure reviews, data breach support or any other circumstance where you need more dedicated DPO time.
Can you help with Data Subject Access Requests? (DSARs)
Our data protection consultants can provide support and advice on how to handle data subject access requests, guiding you on what to so when you receive one as part of your compliance action plan.
Do you operate in our sector?
UK GDPR and EU GDPR apply to all companies depending on your location, although some parts of the legislation may not be relevant for your business, such as the processing of children’s data and profiling of individuals. At Bulletproof, out seasoned data protection consultant work across many public and private sectors, and have expertise in a variety of industries.
DPO resources
Trusted cyber security & compliance services from a certified provider
