Whether you’ve already got a DPO in place, or are still trying to find a candidate with suitable experience, an outsourced DPO-as-a-service is something many SMEs are turning to in order to fill gaps in parental leave or holiday cover, or in cases where organisations don’t require the services of a full-time professional. Let’s examine a couple of the key reasons people look at this option.
Regulations are becoming ever more complex
The GDPR requires organisations to hire new staff, set out formal policies for data management, retention, storage and handling, and bolster their cyber security posture to ward off data breaches.
With increased rights for data subjects, the right to be forgotten and the movement of data between jurisdictions, scoping out the policies to make sure your organisation is fully compliant can be a big task - and there is always a chance your interpretation of compliance guidelines and the ICO’s may differ.
Post-Brexit, domestic compliance efforts will focus on the newly-updated Data Protection Act, which widens the scope of personal data to include IP addresses, internet cookies and DNA. For multinationals - or even small businesses working in multiple jurisdictions - having a senior, experienced professional on hand means your data strategies will set your business up for trading in a compliant manner across the globe.
What does DPO-as-a-service look like?
With all of this in mind, we’re really excited to take the wraps off something we’ve been working on for a couple of months. Here at Dot Group, we’re known for deep technical expertise when it comes to all aspects of data, be it management, integrations, storage or analysis. But with the GDPR now fully in force, we’ve wanted to present our clients with a more rounded service offering for some time, and today we’re announcing a new collaboration with the Privacy Partnership, the foremost experts in data privacy in the UK. Together, we can rapidly audit your organisation’s data assets along with the associated management policies, and offer professional, compliant remediation.
Nicola Mckilligan-Regan, founder & CEO at Privacy Partnership, has over two decades of experience in data privacy law, including several years at the Information Commissioner’s Office directly, and is the author of several guides on data protection, privacy and freedom of information. “I’m really excited about the possibilities this new partnership opens up for us and our clients. Simon and his team have access to cutting-edge technologies that we will be able to leverage to give clients ultimate reassurance their data is processed, stored and accessed in an efficient and compliant manner.”
Avoid conflict of interest and liaise properly with the ICO
An experienced, professional outsourced DPO has the benefit of increased exposure across multiple clients, and can offer suggestions and guidance based on accumulated experience. They’ll also be free of any conflict of interest that may arise from appointing an existing member of staff to a dual role (HR and DPO, for example). They’ll conduct data protection impact assessments, coordinate responses to subject access requests, advise on policies and best-practice processes, and most significantly, liaise between you and any supervisory data protection authorities. In the UK, this means the ICO. If you’re unlucky enough to get breached, you’ll want to be able to call on top-drawer talent to represent you and negotiate with authorities in order to demonstrate compliance with legislation. This is a key part of the DPO role, and will become more and more important over time as ICO investigations, fines and penalties start to be commonplace.
For more guidance on achieving GDPR compliance, have a read of IBM’s white paper: