DPO-as-a-Service

Who Needs a DPO?

GDPR Article 37 requires that organisations appoint a DPO where they:

  • Are public authorities or bodies

  • Have core activities that require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking, location monitoring, facial recognition etc.)

  • Have core activities that consist of large scale processing of special categories of data or data relating to criminal convictions and offences

What Is a DPO?

Articles 37-39 of the GDPR explain the skills, position and tasks of the DPO. In summary, these are:

  • To help monitor internal compliance, inform and advise on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority (e.g. the UK's ICO).

  • Must be independent, an expert in data protection, adequately resourced, and report to the highest management level.

  • Can be an existing employee or externally appointed.

  • Helps demonstrate compliance and forms part of the enhanced focus on accountability.

Examples of small tech companies requiring a DPO include mental health apps, GPS monitoring of fleet or rental vehicles, school security systems using facial recognition, and fitness and wellness apps, including those linked to wearable devices.

DPO-as-a-Service

Despite rumours to the contrary, there are no exemptions for small businesses requiring a DPO. Employing a full-time DPO is obviously an expensive proposition for a small business, which is where our DPO-as-a-Service comes in.

Features

  • A named DPO for the duration of the contract (minimum 1-year)

  • Highly skilled in the tech-sector with strong security knowledge and technical understanding

  • Expert in GDPR legislation and certified by the International Association of Privacy Professionals

  • Strong knowledge of worldwide privacy legislation including COPPA, CCPA, HIPAA, PIPEDA, APEC Privacy Framework, PIPA and APPI

  • Extensive industry experience of Project Management, training, sales, marketing, R&D, and Finance

Benefits

  • DPO understands your business and becomes 'part of the team'

  • Unlike most lawyers, 'gets technology' and the potential 'risks of harm' from a privacy perspective

  • DPOs must be experts in GDPR legislation. In addition, a lot of worldwide legislation is based to some extent on GDPR

  • Worldwide Apps or Services will need to comply with all relevant privacy legislation worldwide and breach requirements

  • Data Privacy can have implications across all aspects of the organisation. Having a strong understanding of these functions helps in 'speaking the same language' and getting the teams on-board

Yearly contract billed monthly at £1,500 / month

© 2019 by Data Compliance Specialists

Brighton | East Sussex | 07541-772078