DPO Service

What is a DPO?

One of the most relevant changes in the General Data Protection Regulation (GDPR) is the obligation for some organisations to appoint a Data Protection Officer (DPO), a role tasked with facilitating compliance with the GDPR provisions.

The core tasks of the DPO under the new data protection regime are:

  1. to inform and advise the organisation’s management about their obligations under the GDPR;
  2. to monitor the organisation’s compliance with EU and national data protection laws;
  3. to provide guidance and advice on Data Protection Impact Assessments (DPIA);
  4. to function as the organisation’s main contact point for people and institutions, including Data Protection Authorities.

Do you need a DPO?

The DPO may be a staff member of the organisation or fulfil his or her tasks on the basis of a service contract.

The GDPR provides that a DPO must be appointed by:

  1. Public authorities. This includes public sector or hybrid bodies, such as museums, publicly funded transport companies and foundations, etc.
  2. Organisations that carry out large scale systematic monitoring of individuals. This includes companies engaging in online behaviour tracking, profiling, etc.
  3. Organisations that carry out large scale processing of special categories of data or data relating to criminal convictions and offences. This includes private clinics, most political analysis companies, etc.

WHY US?

Even if no obligation exists for you under the GDPR to appoint a DPO, you may find it useful to designate a DPO on a voluntary basis. This is advisable especially in borderline cases, in which it is not entirely clear if your business fulfils the requirements for a compulsory appointment. In fact, voluntary appointments are not only encouraged by the EU but also contribute to strengthening the organisation’s compliance and accountability position in case of data-protection-related issues.

Trilateral’s GDPR-certified employees possess the necessary skills to fulfil this DPO role for your organisation.

Our DPO Service

This service is ideal for organisations that wish to appoint a DPO on a voluntary basis, to improve accountability and transparency and to inspire confidence from consumers and other stakeholders.

Are you operating an organisation with a limited data processing practice that is nonetheless required to appoint a DPO? Our experts will carry out all essential DPO tasks and ensure that you remain compliant with the relevant GDPR provisions while minimising your financial commitment.

This service is suited to organisations that want to be certain that no specific data protection innovation goes unnoticed.

Are you part of an organisation that needs a tailored service?

In addition to the “Basic” level services, our experts will keep you updated on critical legislative, judicial, or policy developments that may impact your business area, allowing you to save time and effort.

This service is ideal for organisations with medium-to-high-profile data processing practices that prefer to have professionals look after their GDPR compliance work in a highly proactive manner.

Does your organisation want to grow internal awareness about GDPR regulation and data protection processes?

In addition to the “Advanced” level services, our experts will also conduct interactive webinars and Q&A sessions with your senior management and officers, and train your employees on the innovations in the data protection landscape.

DPO Service Levels
Activity | Basic | Advanced | Elite | Notes/Details | Article Reference
Serve as your DPO
  • Company name and contact details transmitted to the ICO
  • Company name and contact details available to
    • management
    • employees
    • data subjects

37
Contact point for data subjects
  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data requests

38(4)
Contact point for Data Protection Authorities (e.g. ICO)
Liaise with the ICO in the case of issues with the data subjects and data breaches
36
39(1)(d)
39(1)(e)
Regular newsletter to inform and advise on relevant developments and possible challenges in data protection
Monthly

Monthly

Monthly
Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities
39(1)(a)
Annual gap analysis
Virtual

Virtual

On-Site
Audit and gap analysis to map new activities and data-processing practices
39(1)(b)
Status discussion (via phone/Skype) and report
Annually

Every 6 Months

Every 3 Months
Discussion and report
39(1)(b)
Review of the privacy notices


Review of the privacy notices to ensure accuracy and advice on how to improve.
39(1)(b)
Provide advice to the client organisation on how to carry out data protection impact assessments (DPIA) and to monitor their performance


We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
39(1)(c)
Oversee the establishment and maintenance of the Record of Processing Activities


  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
30
Provide guidance on data breach handling and reporting


  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
33(3)(b)
Monitor the data-protection-training activities and advise on their necessity


  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of free-of-charge training materials, where appropriate
39(1)(b)
Yearly one-day seminar on the developments of data protection law and policy

online

online-live

on-site

Email assistance


Telephone assistance

(up to 4 hours per month)


(up to 8 hours per month)

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business


Email notification with explanation of the development and a preliminary overview of the impact on the organisation
39(1)(a)
Review of the consistency of the internal documents concerning data processing practices


Cross-check of the consistency of the internal documents
39(1)(b)
Weekend and holidays data breach guidance


Data breach guidance during the weekends and holidays, as opposed to standard working-day assistance
Drafting and maintaining the Record of Processing Activities


Bespoke training sessions for employees


On-site meetings and/or assistance

(£150/h)

(£75/h)

(£75/h)

Conducting Data Protection Impact Assessments on your behalf*

(£750 per day)

(£750 per day)

(£750 per day)

Monthly cost

*Other travel costs, overnight stays, services of third parties, etc. will be charged according to their actual expense. Offer is subject to contract. All prices are VAT-excluded.
Please contact us for an estimate of the price.

Any questions or doubts?
Contact us

DR FILIPPO MARCHETTI, Data Protection Specialist at Trilateral Research

Assess your needs

Not all organisations require a DPO; use our DPO guides to assess your needs.
