Outsourced DPO, Virtual DPO
We offer a flexible DPO as a Service which adapts to your business.
You don’t know how much GDPR related work you are going to need day-by-day, week- by-week, and neither do we. Even if you know now, will it be the same next month or the month after.
Our flexible DPO as a Service means we provide only the time you need and you only pay for the time you use.
We recommend a set of services which we would expect the DPO to fulfil and we adapt the volume, time and effort to the demands of your business.
The basic service starts at £1,000 per month, for a nominal day per month of activities. The initial setup costs £2000.*
At the core of the DPO services are the activities required by the GDPR:
- Communication of the appointment of GDPR Auditing as your DPO
- Publishing of the contact details for the DPO on your Privacy Statement
- Initial status review of your GDPR readiness
- 1 Day Onsite to review your GDPR status to determine the governance structure under which the services will be provided
- 1 Day Nominally to review core GDPR documentation (this will typically cover up to 6 documents)
Based on our experience for the basic service GDPR auditing will allocate 8 hours per month nominally to fulfil the following tasks on demand
- Responding to subject requests coming into the named DPO mailbox, and passing those requests to you for fulfilment
- Providing any advice or guidance related to requests and responses
- Provide advice and guidance to you on all GDPR related matters
- To provide help and guidance, including reviews of DPIA’s as necessary
- All contact with the ICO as required by you or the ICO
- To monitor and review the effectiveness of your GDPR compliance including but not exclusively
- Making sure staff awareness training is taking place on schedule and recorded for accountability
- Advising you on raising and maintaining GDPR awareness throughout your organisation
- Assessing the information governance framework and it’s day-to-day effectiveness
We would recommend allocating 4 hours per quarter for an onsite face to face status review in addition to a quarterly service review.
GDPR Auditing are aware that client needs change day-to-day and month-to-month, because of this we provide these services on a flexible services basis.
What does that mean?
We will ensure the activities required by the regulation are taking place as well as keep records for accountability.
Activity will vary from month-to-month which means the time required for each month will also vary.
We will use any spare time for other GDPR related activities or roll the time over to the next month. We may move time from another month when it is necessary.
GDPR Auditing will provide you a monthly record of tasks undertaken and time used. We will review your allocated time during the quarterly review and adjust it as necessary.
Benefits of a DPO Service
- Outsourced DPO is necessarily independent, bound by a contract but not subject to any actual or implied hierarchy
- No conflict of interest between the DPO service and other business activities
- On demand, as and when you need it – or regular contact
- Contractually bound to maintain a certain level of expertise that is much more likely to be on top of regulatory changes as they develop
- DPIA’s completed by experienced DPO’s who do them on a regular basis
- Staff awareness and training is also an infrequent requirement and maintaining in house expertise is difficult
- DPO’s with pooled knowledge sources for dealings with the ICO
- DPO service will usually be much quicker to develop and implement policies and procedures because are a transferable IP
DPO’s can also bring ‘good practice’ to an organisation through initiatives elsewhere. A ‘virtual’, ‘outsourced’ or DPO as a Service offering from GDPR Auditing can take on all of the above on a variety of terms.
If the DPO service doesn’t look like it is for you then have a look at our Data Security Owner Service from £750 per month.**
*This will depend on the number and complexity of your documents to be review.
** No minimum term, cancellation 30 days written notice. Setup fees may apply.