Outsourced Data Protection Officer service
Rely on our legal experts to manage your compliance needs as your fully integrated, outsourced Data Protection Officer (DPO).
Delivered by a dedicated individual (under our Essential Plus and Enhanced service plans) or by a flexible team of our expert data protection lawyers (under our Essential plan), we will take on and fulfil the key role of DPO in your business.
Acting as your extended in-house support, we’ll take pro-active ownership of your data protection responsibilities, keeping your business compliant and accountable so you can get on with business as usual.
Questions
If you have any questions or if you would like to discuss our plans further, you can contact Evan Tilley, our Product Lead and Senior Business Development Manager. You can email him here or call him on 0203 818 0863.
Evan has extensive experience in client relations and a deep understanding of client data protection needs across industries. He will guide you through our DPO services to help you identify the best plan and team to suit your organisation’s needs.
Our plans
We provide three levels of service to scale with the complexity of your business needs.
| DPO service type | Essential | Essential Plus | Enhanced |
| Subscription pricing per month (quarterly in advance) | £2,000 | £3,500 | £5,500 |
| Total for 12-month period | £24,000 | £42,000 | £66,000 |
| Billing | Quarterly in advance | Quarterly in advance | Quarterly in advance |
| Support type | Team-based | Named individual | Named individual |
| Gap analysis | |||
| Comprehensive Gap Analysis A detailed assessment and report with actionable insights | ✔ | ✔ | ✔ |
| Remediation and Improvement Plan A strategic plan to address identified gaps and support enhanced compliance | ✔ | ✔ | ✔ |
| Implementation Executing the recommended plans to support compliance and improve data protection practices | ✔ | ✔ | ✔ |
| Data protection governance | |||
| Registration requirements of DPO (appointing Harper James) with the supervisory authority | ✔ | ✔ | ✔ |
| Assist with your registration as a controller or processor with the supervisory authority | ✔ | ✔ | ✔ |
| Establishing Data Protection Governance Structures Developing and supporting the formation of a robust data protection framework, including the development of a privacy office and defined roles and responsibilities, such as privacy champions | n/a | n/a | ✔ |
| Data protection and privacy operations | |||
| Records of Processing Activities (RoPA) | Template only* | ✔ Bespoke | ✔ Bespoke |
| Conducting Legitimate Interest Assessments (LIA) | Template only* | Template only* | ✔ Bespoke |
| Performing Data Protection Impact Assessments (DPIA) | Template only* | Template only* | ✔ Bespoke |
| Supporting privacy by default and design | Template only* | Template only* | ✔ Bespoke |
| Supporting Data Subject Rights (DSR) requests ** | ✔ | ✔ | ✔ |
| Cross-border transactions | Time and materials | Time and materials | Time and materials |
| Incident and breach reporting ** | ✔ | ✔ | ✔ |
| Policies and procedures | |||
| Core policies Creation or review, including Website Privacy Notice, Employee Privacy Notice, Data Protection Policy, Data Processing Agreement, Data Retention Policy and Schedule, InfoSec Policy, Data Subject Rights Policy, Incident/Breach Policy, Training Policy and logs. | Template only* | ✔ Bespoke | ✔ Bespoke |
| Additional policies Creation or review, including e.g. Acceptable Usage Policy, BYOD, Access Control Policy, Social Media Policy, Business Continuity Plan, Whistleblowing Policy, or other bespoke policies / procedures and additional logs, e.g. marketing suppression list. | n/a | n/a | ✔ Bespoke |
| DPO meetings with Board or Committee (max 1 hour 30 minutes per meeting) | n/a | ✔ Up to 2 meetings a year | ✔ Up to 4 meetings a year |
| Interim progress report (at 6 months) | ✔ | ✔ | ✔ |
| Full progress report (at 12 months) | ✔ | ✔ | ✔ |
| Training and awareness | |||
| Overview of data protection laws included | Pre-recorded GDPR training materials for employees, HR and marketing | Pre-recorded GDPR training materials for employees, HR and marketing | Pre-recorded GDPR training materials for employees, HR and marketing |
| Essential Plus and Enhanced Plan training includes: | n/a | 1 additional bespoke 30-min webinar | Up to 2 additional bespoke 30-min webinars |
| Ad hoc queries | |||
| Ad hoc query support | ✔ Up to 4 hours per month | ✔ Up to 8 hours per month | ✔ Up to 10 hours per month |
| Legal documents | |||
| Vendor management and due diligence contractual agreements: DPAs, IGTAs, SCCs, TIAs. Strategic support and advice on legal documents included. | Time and materials | Time and materials | Time and materials |
| Legal assistance with vendor management: Due diligence, negotiations, preparing contracts, reviewing contracts | Time and materials | Time and materials | Time and materials |
| Audits (e.g. preparing for ICO visit, regulatory reviews or review of a function) | Time and materials | Time and materials | Time and materials |
** Whilst all plans receive the same DPO strategic oversight and guidance, the extent of our support varies across our service plans. Our product team can help you decide which plan best meets your organisation’s needs and requirements.
