Why Do You Need a DPO?
For some organisations, it is now a mandatory requirement to appoint a data protection officer, namely if you:
- Are a public authority
- Conduct large scale systematic monitoring of individuals
- Conduct large scale processing of special categories of data or data relating to criminal convictions and offences.
However, irrespective of any mandatory / legal requirement, employing a DPO demonstrates to the Information Commissioner’s Office (ICO) and your business partners your commitment to a data protection framework that is compliant with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA). Equally, having someone to oversee your approach and to be there, in the background, as and when you need them for advice, guidance and support, is invaluable. A DPO resource will enable your organisation to adopt a proactive approach to managing personal information.
Benefits of URM’s Virtual DPO Service
- Enables you to access not just one, but a team of experienced and qualified data protection practitioners, each with their area of specialism, e.g. dealing with the regulator (ICO), advising on challenging SARs, conducting data protection impact assessments (DPIAs), managing personal data breaches, improving information security, developing awareness presentations
- Provides you with expert practical advice, guidance and support, as and when needed
- Ensures there is no ‘conflict of interest’ between the DPO and other business activities, i.e. the DPO should not be a company director or HR representative
- Provides a practical and cost-effective solution to achieving compliance with the GDPR and the DPA
- Ensures you are able to respond confidently to requests and comply with the latest regulatory and legal developments, as URM’s team closely monitors any clarifications/interpretations on the GDPR/DPA from sources such as the ICO.
What does URM’s Virtual DPO Service consist of?
Initial Review and Kick Off Meeting
With the initial review, URM will establish an acceptable baseline/starting point for the Virtual DPO Service and verify your current GDPR compliance status. The review may identify improvement opportunities and we can mutually agree who will own any resulting actions and timescales for completion. This will be undertaken before the service commences and will ensure that the GDPR framework is established and that the appropriate governance is in place. This is followed by a kick off meeting where the exact nature of the DPO service, along with roles and responsibilities, will be defined and a service summary will be prepared for joint sign off.
A key component of URM’s Service is the days spent on your site, which occur at a frequency that meets your requirements, e.g. weekly, fortnightly, monthly, quarterly. These days include reviewing DPIAs, audits, training material etc. and providing advice and training on the GDPR and DPA 2018.
Ad hoc Advice and Guidance
Another key element of the Virtual DPO Service is providing you with advice and guidance on all aspects of data protection, including performing DPIAs, fulfilling data subject rights requests, delivering training or providing an escalation point for any personal data breach.
Annual DP Audits
In order to provide the necessary assurance to the Board/Senior Management Team on your overall compliance with the GDPR/DPA 2018, URM is able to conduct an annual audit. With the audit, the DPO will review various DP activities including DPIAs conducted, internal audits carried out and the current governance structures.
With each activity, the DPO will seek evidence/records of processing activities.
For more detailed information on the contents of URM's Virtual DPO Service, please refer to our datasheet.