DPO Service

What is a DPO?

One of the most relevant changes in General Data Protection Regulation (GDPR) is the obligation for some organisations to appoint a Data Protection Officer (DPO), a role tasked with facilitating compliance with the GDPR provisions.

The core tasks of the DPO under the new data protection regime are: 


  1. to inform and advise the organisation’s management about their obligations under the GDPR;
  2. to monitor the organisation’s compliance with EU and national data protection laws;
  3. to provide guidance and advice on Data Protection Impact Assessments (DPIA);
  4. to function as the main organisation’s contact point for people and institutions, including Data Protection Authorities.

Do you need a DPO?

The DPO may be a staff member of the organisation or fulfil his or her tasks on the basis of a service contract.

The GDPR provides that a DPO must be appointed by:

  1. Public authorities. This includes public sector or hybrid bodies, such as museums, publicly funded transport companies and foundations, etc.
  2. Organisations that carry out large scale systematic monitoring of individuals. This includes companies engaging in online behaviour tracking, profiling, etc.
  3. Organisations that carry out large scale processing of special categories of data or data relating to criminal convictions and offences. This includes private clinics, most political analysis companies, etc


Trilateral Research DPO service grows out of our pioneering work in safeguarding privacy within the public and private sector.

We continue to develop cutting-edge research and compliance strategies for our clients working with Data Protection Authorities and other experts to increase cooperation among regulators, to ensure stakeholder awareness, and to harmonise data protection training in Europe.

Being aware of the latest data protection developments, we are able to tailor our service to our clients’ needs.

Our DPO Service

This service is ideal for organisations that wish to appoint a DPO on a voluntary basis, to improve accountability and transparency and to inspire confidence from consumers and other stakeholders.

Are you operating an organisation with a limited data processing practice that is nonetheless required to appoint a DPO? Our experts will carry out all essential DPO tasks and ensure that you remain compliant with the relevant GDPR provisions while minimising your financial commitment.

This service is suited to organisations that want to be certain that no specific data protection innovation goes unnoticed.

Are you part of an organisation that needs a tailored service?

In addition to the “Basic” level services, our experts will keep you updated on critical legislative, judicial, or policy developments that may impact your business area, allowing you to save time and effort.

This service is ideal for organisations with medium-to-high-profile data processing practices that prefer to have professionals to look after their GDPR compliance work in a highly proactive manner.

Does your organisation want to grow internal awareness about GDPR regulation and data protection processes?

In addition to the “Advanced” level services, our experts will also conduct interactive webinars and Q&A sessions with your senior management and officers, and train your employees on the innovations in the data protection landscape.

Show Trilateral DPO Service
DPO Service Levels
ActivityBasicAdvancedEliteNotes/DetailsArticle Reference
Serve as your DPO
  • Company name and contact details transmitted to the ICO
  • Company name and contact details available to
    • management
    • employees
    • data subjects

Contact point for data subjects
  • Contact data accessible on the websites and privacy notices
  • Function as the main public contact point (email & post)
  • Guide your organisation on the possible sources of data requests

Contact point for Data Protection Authorities (e.g. ICO)Liaise with the ICO in the case of issues with the data subjects and data breaches36
Regular newsletter to inform and advise on relevant developments and possible challenges in data protection


Newsletter containing the latest regulatory news and compliance guidance, and news concerning conferences and training opportunities39(1)(a)
Annual gap analysis


Audit and gap analysis to map new activities and data-processing practices39(1)(b)
Status discussion (via phone/Skype) and report

Every 6 Months

Every 3 Months
Discussion and report39(1)(b)
Review of the privacy notices

Review of the privacy notices to ensure accuracy and advice on how to improve.39(1)(b)
Provide advice to the client organisation on how to carry on data protection impact assessments (DPIA) and to monitor their performance

We provide advice on:
  • Whether to carry out a DPIA
  • The best methodology to follow
  • Whether to carry out the DPIA in-house or to outsource it depending on the complexity
  • What safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects
  • Whether the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR
Oversee the establishment and maintenance of the Record of Processing Activities

  • Contact point for the designated employee
  • Guidance on the Record, including provision of check-lists, best practices, and methodological advice
Provide guidance on data breach handling and reporting

  • Contact point for the responsible person
  • Contact point for the ICO
  • Advice on best practices for handling data breaches, including notification requirements, reporting and identification of measures to limit damage
Monitor the data-protection-training activities and advise on their necessity

  • Inclusion of a chapter on training in the status reports
  • Provision of news and updates on relevant conferences and training courses (newsletter)
  • Provision of free-of-charge training materials, where appropriate
Yearly one-day seminar on the developments of data protection law and policy




Email assistance

Telephone assistance

(up to 4 hours per month)

(up to 8 hours per month)

Bespoke notifications to the top management on critical legislative, judicial, or policy developments that may impact your business

Email notification with explanation of the development and a preliminary overview of the impact on the organisation39(1)(a)
Review of the consistency of the internal documents concerning data processing practices

Cross-check of the consistency of the internal documents39(1)(b)
Weekend and holidays data breach guidance

Data breach guidance during the weekends and holidays, as opposed to standard working-day assistance
Drafting and maintaining the Record of Processing Activities

Bespoke training sessions for employees

On-site meetings and/or assistance




Conducting Data Protection Impact Assessments on your behalf*

(£750 per day)

(£750 per day)

(£750 per day)

Monthly cost

*Other travel costs, overnight stays, services of third parties, etc. will be charged according to their actual expense. Offer is subject to contract. All prices are VAT-excluded.
Please contact us for an estimate of the price.

Any questions or doubts?
Contact us

DR FILIPPO MARCHETTI, Data Protection Specialist at Trilateral Research


Assess your needs

Not all organisations require a DPO, use our DPO guides to assess your needs.