Faced with your data protection obligations under GDPR, your organisation might have opted to handle the necessary Data Protection Officer (DPO) requirements in-house, whether adding it to a current role or trying to upskill existing staff. Or you might have put off addressing the issue and ended up doing nothing.
But doing it in-house can be stressful for the staff involved and is unlikely to give you the in-depth specialist data protection knowledge needed to meet your legal obligations and respond quickly to personal data breaches, or the capacity to build a data protection culture within your organisation. It can also potentially lead to a conflict of interest. And doing nothing puts your organisation at serious risk of non-compliance fines and your customers at risk of data breaches.
For a fixed monthly cost, Thorntons’ Outsourced Data Protection Officer Service provides you with a reliable, fully outsourced, 365 days a year, conflict-free DPO service that is delivered by our legal and compliance experts.
Outsourced DPO Service
- Protection from risk – Keeping you safe from unwanted surprises and helping to develop and implement your data protection strategy and future-proof your organisation through ongoing support services and training.
- There for you in a crisis – Providing a quick response to personal data breaches and data problems with our out-of-hours 24/7 service, acting as an extension of your team to help resolve the issue, minimise risk and protect your reputation.
- The right package at the right price – Working closely with you to provide you with an all-inclusive tailored compliance and legal service for your data protection needs at a fixed monthly fee.
- Independent legal and compliance expertise – Offering independent, specialist data protection advice from our team of compliance and legal experts, backed up by the reputation, confidentiality and services of Thorntons Law.
How it works
In discussion with you, we agree the number of days’ DPO support you need a month, tailoring the service to your specific organisational needs and covering the key areas shown below. Our data protection experts can provide the service on a part or full-time basis, or you can even share a DPO with another organisation.
- Strategy and action plan – Develop your strategy for compliance, implement a plan to ensure compliance and support roll-out of the plan.
- Day-to-day support – Data protection support on hand for your organisation whenever you need it.
- Single point of contact – Handle key data protection communications for staff, ICO and public.
- Handling of data security breaches & SARs – 24/7 help available for quick response to data breaches and subject access request support.
- Keep Senior Management Team up to date – Inform and contribute to stakeholder and board-level meetings to ensure decision-makers have oversight of risk.
- Documentation and activity recording – Review and redraft key documentation and ensure compliant record-keeping.
- Data privacy impact assessments (DPIAs) – Support undertaking DPIAs, minimising risk to your data processing practices.
- Staff training and updates – Regular training and monthly updates to raise awareness across the organisation.
The set monthly fee for the service will be based on the specific DPO and time needs of your organisation and will be agreed with you in advance.
About the DPO role
Does your organisation need a Data Protection Officer?
Under the UK GDPR, you have to appoint a Data Protection Officer (DPO) if:
- Your organisation is a public authority, or
- Your core activities require regular and systematic monitoring of data subjects on a large scale, or
- Your core activities consist of processing on a large scale of special categories of data (formerly sensitive personal data) or criminal convictions and offences
Many organisations choose to voluntarily appoint a DPO with a view to embedding good data governance and de-risking operations. This can be hugely beneficial in the digital era where data is a valuable asset – good data governance can build trust with stakeholders, staff and customers and can help drive an organisation forward.
What are a DPO’s responsibilities?
The DPO’s roles and responsibilities are broadly to:
- Inform and advise on data protection within your organisation
- Monitor compliance with data protection laws
- Provide advice on data protection impact assessments and monitor performance
- Cooperate with, and act as the point of contact for, the Information Commissioner’s Office (ICO) and data subjects when necessary
The role demands expert knowledge of data protection and can be contracted out if necessary.
At Thorntons, we can advise you on your DPO requirements and provide you with a flexible, tailored outsourced specialist DPO service ensuring your organisation’s data protection compliance.
How can Thorntons help?
At Thorntons, we believe that every organisation should have easy access to the right data protection support, keeping them and their customer/staff data safe. Thorntons’ specialist Outsourced DPO Service provides a flexible, tailored, outsourced DPO service to organisations who regularly process sensitive or high-volume personal data.
Here for both those who are required by law to have a DPO and those who do so voluntarily, our bespoke package is built round your organisation’s needs. You have access to specialist data protection support from our legal and compliance experts, with an ongoing service to mitigate risk and build effective data protection, and responsive help to deal with data emergencies – all for a fixed monthly fee.
Our Services
Our specialist Data Protection lawyers are on hand with clear advice and help for you on all aspects of GDPR.