Organisations in Europe and abroad are preparing for 25 May 2018, the day on which the General Data Protection Regulation (GDPR) becomes effective. One of the most relevant changes in the new regime is the obligation for some organisations to appoint a Data Protection Officer (DPO), a corporate role tasked with facilitating compliance with the GDPR provisions.
The DPO may be a staff member of the organisation or fulfil his or her tasks on the basis of a service contract.
The GDPR provides that a DPO must be appointed by:
Even if no obligation exists for you under the GDPR to appoint a DPO, you may find it useful to designate a DPO on a voluntary basis. This is advisable especially in borderline cases, in which it is not entirely clear if your business fulfils the requirements for a compulsory appointment. In fact, voluntary appointments are not only encouraged by the EU but they contribute to strengthening the organisation’s compliance and accountability position in case of data-protection-related issues.
Trilateral’s GDPR-certified employees possess the necessary skills to fulfil this DPO role for your organisation.
This service is ideal for organisations that wish to appoint a DPO on a voluntary basis, to improve accountability and transparency and to inspire confidence from consumers and other stakeholders.
Are you operating an organisation with a limited data processing practice that is nonetheless required to appoint a DPO? Our experts will carry out all essential DPO tasks and ensure that you remain compliant with the relevant GDPR provisions while minimising your financial commitment.
This service is suited to organisations that want to be certain that no specific data protection innovation goes unnoticed.
Are you part of an organisation that needs a tailored service?
In addition to the “Basic” level services, our experts will keep you updated on critical legislative, judicial, or policy developments that may impact your business area, allowing you to save time and effort.
This service is ideal for organisations with medium-to-high-profile data processing practices that prefer to have professionals to look after their GDPR compliance work in a highly proactive manner.
Does your organisation want to grow internal awareness about GDPR regulation and data protection processes?
In addition to the “Advanced” level services, our experts will also conduct interactive webinars and Q&A sessions with your senior management and officers, and train your employees on the innovations in the data protection landscape.
|DPO Service Levels|
|Serve as your DPO||37|
|Contact point for data subjects||38(4)|
|Contact point for Data Protection Authorities (e.g. ICO)||Liaise with the ICO in the case of issues with the data subjects and data breaches||36|
|Regular newsletter to inform and advise on relevant developments and possible challenges in data protection|
|Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities||39(1)(a)|
|Annual gap analysis|
|Audit and gap analysis to map new activities and data-processing practices||39(1)(b)|
|Status discussion (via phone/Skype) and report|
Every 6 Months
Every 3 Months
|Discussion and report||39(1)(b)|
|Review of the privacy notices||Review of the privacy notices to ensure accuracy and advice on how to improve.||39(1)(b)|
|Provide advice to the client organisation on how to carry out data protection impact assessments (DPIA) and to monitor their performance||We provide advice on:||39(1)(c)|
|Oversee the establishment and maintenance of the Record of Processing Activities||30|
|Provide guidance on data breach handling and reporting||33(3)(b)|
|Monitor the data-protection-training activities and advise on their necessity||39(1)(b)|
|Yearly one-day seminar on the developments of data protection law and policy|
(up to 4 hours per month)
(up to 8 hours per month)
|Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business||Email notification with explanation of the development and a preliminary overview of the impact on the organisation||39(1)(a)|
|Review of the consistency of the internal documents concerning data processing practices||Cross-check of the consistency of the internal documents||39(1)(b)|
|Weekend and holidays data breach guidance||Data breach guidance during the weekends and holidays, as opposed to standard working-day assistance|
|Drafting and maintaining the Record of Processing Activities|
|Bespoke training sessions for employees|
|On-site meetings and/or assistance|
|Conducting Data Protection Impact Assessments on your behalf*|
(£750 per day)
(£750 per day)
(£750 per day)
*Other travel costs, overnight stays, services of third parties, etc. will be charged according to their actual expense. Offer is subject to contract. All prices are VAT-excluded.
|Please contact us for an estimate of the price.|