Why outsource your Data Protection Officer?

Save money

Save money

Outsourcing is a cost-effective solution that saves on recruitment costs, overheads and holiday cover.

Qualified consultants

Qualified consultants

Our DPOs are certified EU GDPR practitioners guaranteeing to receive expert advice and support.

Technical expertise

Technical expertise

As part of a wider cybersecurity team, our DPOs provide technical advice & guidance beyond data protection.

Legal support

Legal support

Our DPO service is backed by privacy lawyers to ensure that our work always meets your legal requirements.

How can a DPO help you?How can a DPO help you?

How can a DPO help you?

A DPO is appointed to monitor internal compliance, inform on data protection obligations and act as a contact point for the supervisory authority and data subjects. The responsibilities of a DPO include:

  • ICO registration
  • Data breach support and response (including liaison with the ICO)
  • Breach response
  • Data subject access request support (SAR)
  • Policy and procedure support and advice
  • Data mapping support and advice
  • Data Protection Impact Assessments (DPIAs)
  • Assisting with customer questionnaires and due diligence
  • GDPR and information security awareness training

Your GDPR compliance experts

GDPR states that certain organisations (such as public authorities or those processing sensitive data) are legally required to have a Data Protection Officer, and the ICO recommends every organisation appoints one to manage data privacy effectively. We understand that each organisation works differently and has individual requirements, therefore we have tailored our managed-service packages to suit any business, of any size.

Our DPOs are certified GDPR practitioners and data privacy experts. We support organisations across a range of industry sectors, successfully guiding them through the complex responsibilities of data protection. With flexible packages at cost effective rates, you get the service your organisation needs to get ahead of your GDPR obligations.


Our DPO packages

Each of our DPO packages offers a flexible approach to virtual delivery – whether you prefer to communicate through calls, video conferences or emails, we’re here to help.

Additional hours/days can be purchased on an ad hoc basis.

Outsourced Data Protection Officers
Small BusinessMedium BusinessLarge Business
Suitable forBusinesses with up to 20 employeesBusinesses with 21-200 employeesBusinesses with over 201 employees
Gap analysis required?Crossed circle iconChecked circle iconChecked circle icon
DPO timeTypically 4 hours per monthTypically one day per monthCustomised to suit your requirement
Kick-off callChecked circle iconChecked circle iconChecked circle icon
Monthly progress callChecked circle iconChecked circle iconChecked circle icon
GDPR training portal
(beginners & advanced)
Checked circle iconChecked circle iconChecked circle icon
Notifications service*Checked circle iconChecked circle iconChecked circle icon
Annual auditCrossed circle iconCrossed circle iconChecked circle icon
PriceFrom £595 /month
(ex VAT)
From £995 /month
(ex VAT)
£POA

Note: A GDPR Gap analysis is required for medium and large businesses before the DPO service can commence.

*Notification service coming soon. Please speak to your Bulletproof account manager for more information.


Cloud security assessments at BulletproofCloud security assessments at Bulletproof

Legal and technical expertise

Certified GDPR practitioners and legal expertise.

Our DPOs operate within a wider cyber security team for a robust understanding of information security and are supported by the lawyers at HGF.com


Here’s what our customers say about us

Get a quote today

Let our team of qualified, experienced DPOs manage your data protection obligations

For more information about how we collect, process and retain your personal data, please see our privacy policy.


Data Protection Officer FAQs

What is a Data Protection Officer?

A Data Protection Officer (DPO) is the person responsible for:

  1. Acting as the liaison between the company, the data subjects and regulatory bodies including the ICO
  2. Identifying and ensuring the delivery of training and awareness programmes for employees and contractors
  3. Complying with article 30 of GDPR
  4. Conducting regular audits to ensure compliance is maintained and ensuring policies and procedures are regularly reviewed and updated where required
  5. Overseeing/supervising Data Protection Impact Assessments (DPIAs)
  6. Managing a data breach
  7. Keeping up to date with the latest data privacy legislation and rulings by the EDPB and Supervisory Authorities
  8. Having an in-depth understanding of GDPR as well as information technology and data security
  9. Avoiding a conflict of interest
  10. Reporting to highest levels of management and autonomy

Find out more about what a DPO does in this article.

Why should we outsource our DPO?

Outsourcing a data protection officer is more cost-effective than an internal hire, particularly as you only pay for the time you require (save on overheads, holiday cover etc). You also benefit from access to a wide team of certified GDPR practitioners, data protection professionals and technical experts rather than limiting your organisation to the experience of one individual.

Are we legally required to have a DPO?

The GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data.

Although other organisations are not legally required to have a DPO, the ICO recommends every organisation appoints a DPO to comply with the GDPR, manage data protection and avoid fines.

Who must comply with the GDPR?

Any organisation that processes the personal data of people in the EU must comply with the GDPR.

“Processing” is a broad term that covers just about anything you can do with data: collection, storage, transmission, analysis, etc.

“Personal data” is any information that relates to a person, such as names, email addresses, IP addresses, eye colour, political affiliation, and so on.

Even if an organization is not connected to the EU itself, if it processes the personal data of people in the EU (via tracking on its website, for instance), it must comply.

The GDPR is also not limited to for-profit companies.

Can our DPO help with GDPR implementation?

A GDPR implementation can easily coincide with any of the DPO packages we offer. It would usually entail additional hours/days spread across the first few months. Once implementation is complete, DPO time would drop to the standard allocation per month. For more information, please contact us to discuss your requirements.

What if we need more than the set hours/days in our DPO package?

Additional time can be added on an ad hoc basis. This can be used for implementation, large policy or procedure reviews, data breach support or any other instance where you need more dedicated time with your DPO.

Can you help with data subject access requests?

Yes, our team can provide support and advice on how to handle data subject access requests. As part of any action plan for compliance, we would guide you on developing a procedure to follow in the event of you receiving one.

Do you operate in our sector?

The GDPR applies to all companies and organisations in equal measure although some parts of the legislation may not apply to your business, such as the processing of children’s data and profiling of individuals. At Bulletproof, we have across many sectors both public and private, we are confident that we can help with GDPR compliance in any environment.

DPO resources

Our experts are the ones to trust when it comes to your cyber security

CREST approvedCREST approvedCREST approved
Payment card industry data security standardPayment card industry data security standardPayment card industry data security standard
ISO 27001 certifiedISO 27001 certifiedISO 27001 certified
ISO 9001 certifiedISO 9001 certifiedISO 9001 certified
Government G-Cloud supplierGovernment G-Cloud supplierGovernment G-Cloud supplier
Crown commercial service supplierCrown commercial service supplierCrown commercial service supplier
Cyber EssentialsCyber EssentialsCyber Essentials
Cyber Essentials PlusCyber Essentials PlusCyber Essentials Plus