Who Needs a DPO?

GDPR Article 37 requires organisations to appoint a DPO where:

  • They are public authorities or bodies

  • Their core activities require large-scale, regular and systematic monitoring of individuals (for example, online behaviour tracking, location monitoring or facial recognition)

  • Their core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences

What Is a DPO?

Articles 37-39 of the GDPR explain the skills, position and tasks of the DPO. In summary, the DPO:

  • Helps monitor internal compliance, informs and advises on data protection obligations, provides advice regarding Data Protection Impact Assessments (DPIAs) and acts as a contact point for data subjects and the supervisory authority (e.g. the UK's ICO).

  • Must be independent, an expert in data protection, adequately resourced, and report to the highest management level.

  • Can be an existing employee or externally appointed.

  • Helps demonstrate compliance and forms part of the enhanced focus on accountability.

Examples of small tech companies requiring a DPO include mental health apps, GPS monitoring of fleet or rental vehicles, school security systems using facial recognition, and fitness and wellness apps, including those linked to wearable devices.


Despite rumours to the contrary, there are no exemptions for small businesses requiring a DPO. Employing a full-time DPO is obviously an expensive proposition for a small business, which is where our DPO-as-Service comes in.  


  • A named DPO for the duration of the contract (minimum 1 year)

  • Highly skilled in the tech-sector with strong security knowledge and technical understanding

  • Expert in GDPR legislation and certified by the International Association of Privacy Professionals

  • Strong knowledge of worldwide privacy legislation including COPPA, CCPA, HIPAA, PIPEDA, APEC Privacy Framework, PIPA and APPI

  • Extensive industry experience of Project Management, training, sales, marketing, R&D, and Finance


  • DPO understands your business and becomes 'part of the team'

  • Unlike most lawyers, 'gets technology' and the potential 'risks of harm' from a privacy perspective

  • DPOs must be experts in GDPR legislation. In addition, a lot of worldwide legislation is based to some extent on GDPR

  • Worldwide apps or services will need to comply with all relevant privacy legislation worldwide and breach requirements

  • Data privacy can have implications across all aspects of the organisation. Having a strong understanding of these functions helps in 'speaking the same language' and getting the teams on board

Yearly contract billed monthly at £1,500 / month

© 2019 by Data Compliance Specialists

Brighton | East Sussex | 07541-772078