Data Protection Officer

We can act as the DPO for your organisation

Who should appoint a DPO?

Under the General Data Protection Regulation (yes, the GDPR again!) you must appoint a DPO if:

  • You are a public authority or body;
  • Your core activities require large-scale, regular and systematic monitoring of individuals; or
  • Your core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences.

However, it is strongly recommended that all organisations appoint a Data Protection Officer to show customers, suppliers and other interested parties that you take the protection of personal data seriously.

Who should be appointed as DPO?

There are several options to consider when deciding who your organisation could appoint as DPO:

 

Do nothing! If your organisation doesn’t fall into the definition of a mandatory category for a DPO within the GDPR you could decide not to appoint one at all.

Appoint someone internally. If the GDPR makes it mandatory to appoint a DPO, or you’ve decided it makes sense for your organisation to have one, you can look to appoint an existing employee.

Key Points to note:

  • In order to perform the role a DPO should be appointed primarily based on their:
    • Professional qualities
    • Experience
    • Expertise in data protection law.
  • If your current workforce does not contain an expert in data protection, we wouldn’t recommend appointing from within.
  • You must also ensure when appointing someone internally that there is not a conflict of interest as a DPO needs to perform his or her duties independently and impartially.
  • Therefore, they should not already be employed in an executive capacity.

Recruit a dedicated DPO. Given this would be a dedicated role, it tends to be an approach which is favoured and considered viable only by larger organisations or ones that fall into the ‘mandatory’ categories.

Outsource the role. There are many third-party services that offer access to an external Data Protection Officer (or virtual Data Protection Officer):

  • This can be an affordable and practical approach.
  • It is up to you to decide what would be the best fit for your organisation.
  • We would, however, recommend that the same level of care and rigour is applied when evaluating potential suppliers.
  • There are many ‘one-man bands’ that have sprung up and invariably don’t have either the:
    • Strength in depth, or
    • Expertise that you require.

An outsourced DPO Service should deliver at least the same professional qualities and specific experience as when selecting a dedicated individual for the role.

Why choose ThinkMarble's DPO service?

Our Data Protection Officer service, unlike many others out there, is lawyer-led, with over 30 years of experience in the field. The service is easy to set up and is provided in a tiered system so that you can get the coverage that you require. Below you can find more details about our Data Protection Officer service:

  • Basic: £495.00/month
  • Premium: From £1,495.00/month

  • Basic: Limited access to dedicated support from lawyer-led DPO team regarding information, advice and guidance on GDPR compliance.
  • Premium: Full access to dedicated support from lawyer-led DPO team regarding information, advice and guidance on GDPR compliance.
  • Annual review of personal data processing activities to monitor and ensure compliance with the GDPR.
  • Interface with ICO for all data protection issues.
  • Access to template policies and other data protection documentation.
  • Access to up to 10 webinars per year on the latest data protection news and developments.
  • Basic: Quarterly report of activities and use of service to help you better understand your strengths and weaknesses and measure value for money.
  • Premium: Monthly report of activities and use of service to help you better understand your strengths and weaknesses and measure value for money.
  • Basic: Service availability hours - Mon-Fri 9:00 - 17:30 excluding public holidays.
  • Premium: Service availability hours - 24/7.
  • Basic: Remote ‘familiarisation’ meeting to better understand your organisation and how it processes personal data.
  • Premium: On-site ‘familiarisation’ meeting to better understand your organisation and how it processes personal data.
  • Advice credits per month (email, telephone): Basic 4 (additional billed monthly in arrears); Premium unlimited.
  • Legal advice about GDPR/data protection aspects of legal contracts and review of any existing key data protection related policies.*
  • Access to GDPR GAP analysis and portal.
  • Access to ThinkMarble's online GDPR training syllabus.
  • Tailored GDPR training on-site.**
  • Cyber Security Threat Assessment.
  • Quarterly external vulnerability management scan.

*Privacy, data protection or retention policies. 

**Up to 2 training days onsite per annum. Additional days can be requested at an additional cost. 

What to do next?

If you feel like you want to learn more about ThinkMarble’s Data Protection Officer service, or you’d like to talk to someone about purchasing the service, please fill out the contact form below and one of our experts will be in touch.
