Data Protection Officer packages
We provide three tiers of service to scale with the complexity of your business needs.
DPO service type | Tier 3 | Tier 2 | Tier 1 |
Subscription pricing per month (quarterly in advance) | £2,000 | £3,500 | £5,500 |
Total for 12-month period | £24,000 | £42,000 | £66,000 |
Billing | Quarterly in advance | Quarterly in advance | Quarterly in advance |
Average number of days per month | 1 | 2 | 4 |
Support type | Team-based | Named individual | Named individual |
Gap analysis | |||
Conduct gap analysis with socialisation of report | ✔ | ✔ | ✔ |
Recommended remediation plan | ✔ | ✔ | ✔ |
Data protection governance | |||
Registration requirements of DPO (Harper James) with the supervisory authority | ✔ | ✔ | ✔ |
Assist with registration with the supervisory authority | ✔ | ✔ | ✔ |
Develop data protection governance structure (formation of privacy office, roles and responsibilities, privacy champions) | n/a | n/a | ✔ |
Data protection and privacy operations | |||
Records of processing activities (RoPA) | Template only | Template only | ✔ Conducting |
Legitimate interest assessments (LIA) | Template only | Template only | ✔ Conducting |
Data protection impact assessments (DPIA) | Template only | Template only | ✔ Conducting |
Privacy by default and design | Template only | Template only | ✔ Conducting |
Data subject rights | Template only | ✔ Supporting up to 2 DSRs and General Advice in relation to DSARs | ✔ Supporting up to 3 DSRs and General Advice in relation to DSARs |
Vendor management and due diligence. See Legal Documents | Template only | Template only | Template only |
Cross-border transactions | Time and materials | Time and materials | Time and materials |
Incident/breach reporting | ✔ Tier terms apply | ✔ Tier terms apply | ✔ Tier terms apply |
Policies and procedures | |||
Core policies and procedures creation or review such as privacy notices, data protection policies, data processing agreements, data subject rights policy, breach response plans and more | ✔ Toolkit of core documents | ✔ Bespoke core documents | ✔ Bespoke core documents |
Add-ons: Additional policies creation or review such as social media policy, business continuity plan, whistleblowing policy and more | n/a | n/a | ✔ Bespoke add-on policies and logs |
DPO meetings with Board or Committee (max 1 hour 30 minutes) | n/a | ✔ Up to 2 meetings a year | ✔ Up to 4 meetings a year |
Interim progress report (at 6 months) | ✔ | ✔ | ✔ |
Full progress report (at 12 months) | ✔ | ✔ | ✔ |
Training and awareness | |||
Overview of data protection laws included. Bespoke training on request | GDPR training: Data protection training for all employees | GDPR training: Data protection training for all employees | GDPR training: Data protection training for all employees |
Tier 2 and 1 training includes: | n/a | 1 additional piece of webinar-based training materials of choice from HJ training bank (30 min webinar) | Up to 2 additional topics of choice from HJ training bank (30 min webinar) |
Ad hoc queries | |||
Ad hoc query support | ✔ Up to 4 hours per month | ✔ Up to 8 hours per month | ✔ Up to 10 hours per month |
Legal documents | |||
Vendor management and due diligence: contractual agreements (DPAs, IGTAs, TIAs, SCCs) | Assistance with vendor management (negotiations, contracts). | Assistance with vendor management (negotiations, contracts). | Assistance with vendor management (negotiations, contracts). |
Audits (e.g., pre-prep to ICO visit or review of a function) | Time and materials | Time and materials | Time and materials |
Optional outsourced CISO | |||
Dedicated outsourced chief information security officer | Time and materials | Time and materials | Time and materials |