Service
DPO outsourcing
We take on the Data Protection Officer role and run it continuously. Registers, risk assessments, data subject requests and contact with the supervisory authority stay on our side.
- ISO/IEC 27001
- 3000+ workstations
- Since 2017
DPO outsourcing is an ongoing service, not a one-off project. The company gains an appointed officer who meets GDPR requirements without a headcount or recruitment costs, and data protection is maintained over time, not just deployed once.
Scope of DPO service
All the officer tasks arising from GDPR, delivered continuously by an appointed person.
-
Records of processing
We keep and update the record of processing activities and the record of categories of activities. Always current, ready to present.
-
Risk assessments and DPIA
We assess the risk to individuals rights and carry out a data protection impact assessment where the processing requires it.
-
Handling data subject requests
We take over requests for access, rectification, erasure and objection. We watch the deadlines and prepare the responses.
-
Contact with the supervisory authority
We are the point of contact for the supervisory authority and for data subjects. We handle breach notifications.
-
Ongoing consultation
We advise on new processes, processing agreements and IT systems before they launch, not after an inspection.
-
Team training
We run data protection training for employees, matched to their real tasks and risks.
Why an external DPO is often better than an internal one
An internal officer often combines the role with another function, for example in HR or IT. This creates a conflict of interest that GDPR explicitly advises against, because it is hard to objectively oversee a process you run yourself. On top of that, one person knowledge can be narrow and ages faster than the interpretations change.
An external DPO is independent by definition and works on experience from many deployments. We see how similar companies solve the same problems, and we bring proven solutions across. The company pays for real engagement, not for a full post whose scope is uneven over time anyway.
Data protection is a process, not a state
GDPR compliance is not something you achieve once and tick off. A company hires new people, deploys new systems, changes suppliers and enters new markets. Each such change touches personal data and needs assessing before it becomes a problem.
That is why we run this service continuously. We respond to changes in the company and in the law, update the registers and documentation, and you have one number to resolve a matter when a customer calls with a request or a suspected breach appears.
How we work together
An ongoing service with a named contact and clear channels of communication.
- 24 hresponse to a request
- 72 hbreach notification to the authority
- email, phonechannels of contact
- quarterlycompliance review
- Deployment at the start. We start with an inventory of processing and a review of documentation, so we enter the role knowing the company, not blind.
- Appointed officer. The company gets a specific person acting as DPO, registered with the authority, not an anonymous hotline.
- Ongoing oversight. We monitor changes in the company and in the law, update the registers and respond to requests and incidents as they come.
- Periodic report. We provide a periodic review of the state of data protection with recommendations on what to improve next quarter.
Model rozliczeń
We bill the service under a fixed monthly subscription matched to the size of the company and the number of processing operations.
Included
- Acting as DPO and registration with the authority
- Keeping and updating the registers
- Handling data subject requests and ongoing consultation
- Point of contact for the authority and for data subjects
Beyond the plan
- Data protection impact assessment for new, complex processes
- On-site training for larger teams
- Support during an authority inspection
We agree the scope of the subscription after an initial inventory, so the price matches the real scale of processing.
Frequently asked questions
Does an external DPO meet GDPR requirements?
Yes. GDPR explicitly allows the officer role to be performed under a service contract. We register the appointed person with the supervisory authority as the company official DPO.
Do we have to have a DPO?
The obligation applies among others to public bodies and to companies whose core activity involves large-scale monitoring of individuals or processing of special categories of data. During a conversation we will assess whether it applies to you.
What does day-to-day contact look like?
You have an appointed contact available by email and phone during working hours. We handle requests within agreed deadlines, and urgent matters, such as a data breach, as a priority.
What does the subscription cover?
Acting as DPO, keeping the registers, handling data subject requests, consultation and the role of point of contact with the authority. Unusual work, such as a large DPIA or support during an inspection, we price separately and always agree in advance.
Let us talk about your project
Answer 2 questions about your company. You will see a simple estimate right away, and we will prepare a full proposal within 24 business hours.
- 2 minutes, no commitment
- You talk to an engineer, not a salesperson
- No spam, one contact about your quote