Skip to main content

Data Protection Officer Packages

Under GDPR, your organisation has to have a Data Protection Officer (DPO) if:

  • You are a public authority, or
  • Your core activities include the carrying out of regular and systematic monitoring of data subjects on a large scale, or
  • Your core activities include the carrying out of large-scale processing of special categories of data or data relating to criminal convictions


Your DPO will help your organisation remain accountable in its data operations. They should have a high-level knowledge of GDPR and data protection so they can offer advice and support on all aspects of processing data in your organisation. It is important for them to be able to act independently and without conflict.

Expert external support can help your DPO ensure your organisation is GDPR compliant or you can opt for an outsourced DPO service.

How can Thorntons help?

Our experienced team offer a range of DPO support packages to assist company DPOs help their organisations meet the ongoing requirements of GDPR, as well as a full outsourced DPO service for companies who want us to take on the role for them.

DPO and GDPR

The DPO plays a key role in ensuring GDPR is successfully implemented and adhered to within an organisation:

Article 39 GDPR sets out the roles and responsibilities of a DPO. These are to:

  • Inform and advise on data protection within your organisation
  • Monitor compliance with GDPR
  • Provide advice on data protection impact assessments and monitor its performance
  • To cooperate and act as the point of contact with the ICO when necessary

The role demands expert knowledge of data protection and can be contracted out if necessary. It does not necessarily have to be a full-time role, and provided there is no conflict of interest, the DPO can perform other tasks within the organisation.

The DPO must have access to top levels of management and must be involved, properly and in a timely manner, in all areas which relate to the protection of personal data. The role has protected status and DPOs cannot be dismissed or penalised for performing their role. It is important that organisations designate time, funding and the necessary support to the DPO to allow them to fulfil their role.

DPO and GDPR

The DPO plays a key role in ensuring GDPR is successfully implemented and adhered to within an organisation:

Article 39 GDPR sets out the roles and responsibilities of a DPO. These are to:

  • Inform and advise on data protection within your organisation
  • Monitor compliance with GDPR
  • Provide advice on data protection impact assessments and monitor its performance
  • To cooperate and act as the point of contact with the ICO when necessary

The role demands expert knowledge of data protection and can be contracted out if necessary. It does not necessarily have to be a full-time role, and provided there is no conflict of interest, the DPO can perform other tasks within the organisation.

The DPO must have access to top levels of management and must be involved, properly and in a timely manner, in all areas which relate to the protection of personal data. The role has protected status and DPOs cannot be dismissed or penalised for performing their role. It is important that organisations designate time, funding and the necessary support to the DPO to allow them to fulfil their role.


Our Services

Our specialist Data Protection lawyers are on hand with clear advice and help for you on all aspects of GDPR.


Meet the Experts

Our Data Protection and Information Security team are ready to provide practical and commercial advice

Make an Enquiry

Top