What is a DPO?
One of the most relevant changes in General Data Protection Regulation (GDPR) is the obligation for some organisations to appoint a Data Protection Officer (DPO), a role tasked with facilitating compliance with the GDPR provisions.
The core tasks of the DPO under the new data protection regime are:
- to inform and advise the organisation’s management about their obligations under the GDPR;
- to monitor the organisation’s compliance with EU and national data protection laws;
- to provide guidance and advice on Data Protection Impact Assessments (DPIA);
- to function as the main organisation’s contact point for people and institutions, including Data Protection Authorities.
Do you need a DPO?
The DPO may be a staff member of the organisation or fulfil his or her tasks on the basis of a service contract.
The GDPR provides that a DPO must be appointed by:
- Public authorities. This includes public sector or hybrid bodies, such as museums, publicly funded transport companies and foundations, etc.
- Organisations that carry out large scale systematic monitoring of individuals. This includes companies engaging in online behaviour tracking, profiling, etc.
- Organisations that carry out large scale processing of special categories of data or data relating to criminal convictions and offences. This includes private clinics, most political analysis companies, etc
WHY US?
Trilateral Research DPO service grows out of our pioneering work in safeguarding privacy within the public and private sector.
We continue to develop cutting-edge research and compliance strategies for our clients working with Data Protection Authorities and other experts to increase cooperation among regulators, to ensure stakeholder awareness, and to harmonise data protection training in Europe.
Being aware of the latest data protection developments, we are able to tailor our service to our clients’ needs.
Our DPO Service
This service is ideal for organisations that wish to appoint a DPO on a voluntary basis, to improve accountability and transparency and to inspire confidence from consumers and other stakeholders.
Are you operating an organisation with a limited data processing practice that is nonetheless required to appoint a DPO? Our experts will carry out all essential DPO tasks and ensure that you remain compliant with the relevant GDPR provisions while minimising your financial commitment.
This service is suited to organisations that want to be certain that no specific data protection innovation goes unnoticed.
Are you part of an organisation that needs a tailored service?
In addition to the “Basic” level services, our experts will keep you updated on critical legislative, judicial, or policy developments that may impact your business area, allowing you to save time and effort.
This service is ideal for organisations with medium-to-high-profile data processing practices that prefer to have professionals to look after their GDPR compliance work in a highly proactive manner.
Does your organisation want to grow internal awareness about GDPR regulation and data protection processes?
In addition to the “Advanced” level services, our experts will also conduct interactive webinars and Q&A sessions with your senior management and officers, and train your employees on the innovations in the data protection landscape.
| DPO Service Levels | |||||
| Activity | Basic | Advanced | Elite | Notes/Details | Article Reference |
| Serve as your DPO |
| 37 | |||
| Contact point for data subjects |
| 38(4) | |||
| Contact point for Data Protection Authorities (e.g. ICO) | Liaise with the ICO in the case of issues with the data subjects and data breaches | 36 39(1)(d) 39(1)(e) |
|||
| Regular newsletter to inform and advise on relevant developments and possible challenges in data protection | Monthly | Monthly | Monthly | Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities | 39(1)(a) |
| Annual gap analysis | Virtual | Virtual | On-Site | Audit and gap analysis to map new activities and data-processing practices | 39(1)(b) |
| Status discussion (via phone/Skype) and report | Annually | Every 6 Months | Every 3 Months | Discussion and report | 39(1)(b) |
| Review of the privacy notices | Review of the privacy notices to ensure accuracy and advice on how to improve. | 39(1)(b) | |||
| Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance | We provide advice on:
| 39(1)(c) | |||
| Oversee the establishment and maintenance of the Record of Processing Activities |
| 30 | |||
| Provide guidance on data breach handling and reporting |
| 33(3)(b) | |||
| Monitor the data-protection-training activities and advise on their necessity |
| 39(1)(b) | |||
| Yearly one-day seminar on the developments of data protection law and policy | online | online-live | on-site | ||
| Email assistance | |||||
| Telephone assistance | (up to 4 hours per month) | (up to 8 hours per month) | |||
| Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business | Email notification with explanation of the development and a preliminary overview of the impact on the organisation | 39(1)(a) | |||
| Review of the consistency of the internal documents concerning data processing practices | Cross-check of the consistency of the internal documents | 39(1)(b) | |||
| Weekend and holidays data breach guidance | Data breach guidance during the weekends and holidays, as opposed to standard working-day assistance | ||||
| Drafting and maintaining the Record of Processing Activities | |||||
| Bespoke training sessions for employees | |||||
| On-site meetings and/or assistance | (£150/h) | (£75/h) | (£75/h) | ||
| Conducting Data Protection Impact Assessments on your behalf* | (£750 per day) | (£750 per day) | (£750 per day) | ||
| Monthly cost *Other travel costs, overnight stays, services of third parties, etc. will be charged according to their actual expense. Offer is subject to contract. All prices are VAT-excluded. | Please contact us for an estimate of the price. |
Any questions or doubts?
Contact us
DR FILIPPO MARCHETTI, Data Protection Specialist at Trilateral Research
Assess your needs
Not all organisations require a DPO, use our DPO guides to assess your needs.
