What is a data protection officer?
Hassle-free compliance with certified experts, leaving you to run your business
Outsourcing is a cost-effective solution that saves on recruitment costs, overheads and holiday cover.
Our DPOs are certified EU GDPR practitioners, guaranteeing you receive expert advice and support.
As part of a wider cybersecurity team, our DPOs provide technical advice & guidance beyond data protection.
Our DPO service is backed by privacy lawyers to ensure that our work always meets your legal requirements.
A DPO is appointed to monitor internal compliance, inform on data protection obligations and act as a contact point for the supervisory authority and data subjects. The responsibilities of a DPO include:
GDPR states that certain organisations (such as public authorities or those processing sensitive data) are legally required to have a Data Protection Officer, and the ICO recommends every organisation appoints one to manage data privacy effectively. We understand that each organisation works differently and has individual requirements, so we have tailored our managed-service packages to suit any business, of any size.
Our DPOs are certified GDPR practitioners and data privacy experts. We support organisations across a range of industry sectors, successfully guiding them through the complex responsibilities of data protection. With flexible packages at cost-effective rates, you get the service your organisation needs to get ahead of your GDPR obligations.
Each of our DPO packages offers a flexible approach to virtual delivery – whether you prefer to communicate through calls, video conferences or emails, we’re here to help.
Additional hours/days can be purchased on an ad hoc basis.
| | Small Business | Medium Business | Large Business |
|---|---|---|---|
| Suitable for | Businesses with up to 20 employees | Businesses with 21-200 employees | Businesses with over 201 employees |
| Gap analysis required? | | | |
| DPO time | Typically 4 hours per month | Typically one day per month | Customised to suit your requirement |
| Kick-off call | | | |
| Monthly progress call | | | |
| GDPR training portal (beginners & advanced) | | | |
| Notifications service* | | | |
| Annual audit | | | |
| Price | From £595 /month (ex VAT) | From £995 /month (ex VAT) | £POA |
Note: A GDPR gap analysis is required for medium and large businesses before the DPO service can commence.
*Notification service coming soon. Please speak to your Bulletproof account manager for more information.
Certified GDPR practitioners and legal expertise.
Our DPOs operate within a wider cyber security team for a robust understanding of information security and are supported by the lawyers at HGF.com.
Let our team of qualified, experienced DPOs manage your data protection obligations
A Data Protection Officer (DPO) is the person responsible for:
Find out more about what a DPO does in this article.
Outsourcing a data protection officer is more cost-effective than an internal hire, particularly as you only pay for the time you require (save on overheads, holiday cover etc). You also benefit from access to a wide team of certified GDPR practitioners, data protection professionals and technical experts rather than limiting your organisation to the experience of one individual.
The GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data.
Although other organisations are not legally required to have a DPO, the ICO recommends every organisation appoints a DPO to comply with the GDPR, manage data protection and avoid fines.
Any organisation that processes the personal data of people in the EU must comply with the GDPR.
“Processing” is a broad term that covers just about anything you can do with data: collection, storage, transmission, analysis, etc.
“Personal data” is any information that relates to a person, such as names, email addresses, IP addresses, eye colour, political affiliation, and so on.
Even if an organisation is not connected to the EU itself, if it processes the personal data of people in the EU (via tracking on its website, for instance), it must comply.
The GDPR is also not limited to for-profit companies.
A GDPR implementation can easily coincide with any of the DPO packages we offer. It would usually entail additional hours/days spread across the first few months. Once implementation is complete, DPO time would drop to the standard allocation per month. For more information, please contact us to discuss your requirements.
Additional time can be added on an ad hoc basis. This can be used for implementation, large policy or procedure reviews, data breach support or any other instance where you need more dedicated time with your DPO.
Yes, our team can provide support and advice on how to handle data subject access requests. As part of any action plan for compliance, we would guide you on developing a procedure to follow in the event of you receiving one.
The GDPR applies to all companies and organisations in equal measure, although some parts of the legislation may not apply to your business, such as the processing of children’s data and profiling of individuals. At Bulletproof, we have experience across many sectors, both public and private, and we are confident that we can help with GDPR compliance in any environment.