Data Protection Officer On-Demand service

Our DPO-on-Demand service acts as a trusted advisor to organisations, providing the essential skills and experience needed to ensure they meet requirements mandated for compliance to the U.K. Data Protection Act (DPA) 2018. You get the expertise you need – when you need it.

This popular “on-demand” service is designed to ensure that your business gets the exact amount of resources it needs to meet its DPA compliance requirements.  On-hand expertise to review Data Processor agreements, conduct Privacy Impact Assessments, respond to Subject Access Requests, ensure compliance of data protection policies, investigate potential data breaches and liaise with the information Commissioner’s Office.  A dedicated data protection professional working for you to ensure compliance.

The service guarantees availability of expertise at a time when there is a significant shortage of data protection professionals in the marketplace and high levels of turnover.

Request a quote or more information

Please read our Privacy Notice here

How would you like us to contact you:

What are the components of a DPO On-Demand service

We will provide a trained and professional data protection officer on-site to your business offices to undertake data protection compliance activities on your behalf for either one, three or five days per-month depending on your demand. The service also includes template documentation for customisation to your organisation’s operational requirements and continual telephone support. The DPO will act as your dedicated resource representing your organisation’s data protection interests to staff, clients Data Controllers, Data Processors and Sub-Processors to ensure your compliance. Additionally, he/she will also provide on-going telephone support to ensure availability and continuity of advice throughout the engagement.

Dedicated Resource

A dedicated data protection expert to assume the daily roles, responsibilities and activities of a DPO required for the business’ compliance.

Template Documentation

Draft policies to include subject access requests forms, privacy impact assessment checklists and breach notification forms for customisation.

Telephone Support

Continuous telephone support throughout the engagement to provide ongoing support and assistance in addition to on-site activities.

What are the deliverables from a DPO On-Demand service

Deliverables will be customised to your exact requirements.
Your DPO will agree their task to be undertaken on their dedicated days prior with you, so that you decide exactly how the time is spent.

Key DPO deliverables

Typical activities however would include:

  • Administering Data Protection compliance training to staff
  • Oversight and management of Data Protection compliance program
  • Record keeping of processing operations
  • Conducting Privacy Impact Assessments
  • Responding to Subject Access Requests
  • Liaison with Data Controllers, Data Processors and Sub-Processors
  • Incident response and assessment
  • Breach notification to Data Protection Supervisory Authority

What are the benefits of a DPO On-Demand service

Rules of engagement are developed in collaboration with business stakeholders and all activities are coordinated with the appropriate stakeholder to ensure objectives are clear and business disruption does not occur. This straight-forward pragmatic service has numerous benefits to your business

Multi skilled DPO experts


Our DPOs can utilise other internal Risk Crew experts in information security governance risk and compliance to support your overall data protection program objectives.

Fast and easy DPO implementation


Our DPOs expert knowledge enables faster and easier implementation of required action in a practice-oriented way – specific to your business requirements.

Flexible DPO service options


Use the service as a short or medium-term fix until you can recruit a permanent qualified and experienced DPO for your business

DPO experts providing benchmark and validation for business compliance


External DPOs can make use of their experience from other organisations for your benefit providing both a benchmark and validation for your compliance.

DPO eperts who act in an independent manner


DPOs are required to ‘act in an independent manner’. CEOs, IT, HR and Legal Advisors are not allowed to work as DPOs, which can make selecting an independent DPO challenging.

Cost-effective on-demand service


The DPO On-Demand service may well be more price-effective than long-term costs of deploying your own staff resources.

Frequently Asked Questions about DPO on-Demand

What is a DPO?

A data protection officer (DPO) is an organisational leadership role required for compliance to General Data Protection Regulation (GDPR) and Data Protection Act legislation. A DPO bears the overall responsibility for the implementation and oversight of the security strategy and controls implemented to ensure the protection of personal data collected, processed, stored and transmitted by the business.

What does a DPO do?

Generally speaking, a DPO is responsible for educating the organisation about compliance, training employees who process personal data, conducting privacy impact assessments associated with any changes in processing, responding to subject access requests and conducting routine security audits to ensure security controls deployed to protect sensitive personal data are effective. DPOs also serve as the point of contact between the organisation and any Supervisory Authorities (SAs) that oversee activities related to compliance (like the UK Information Commissioner’s Office).

Who does a DPO report to?

A DPO should be independent, an expert in data protection, adequately resourced, and report to the highest management level possible.

Is having a DPO mandatory?

Appointing a DPO is mandatory under three circumstances:

  1. The organisation is a public authority or body.
  2. The organisation’s core activities consist of data processing operations that require regular and systematic monitoring of data subjects on a large scale.
  3. The organisation’s core activities consist of large-scale processing of special categories of data (sensitive data such as personal information on health, religion, race or sexual orientation) and/or personal data relating to criminal convictions and offences.
Can I outsource this requirement?

Yes. The GDPR allows organisations to outsource this requirement and appoint an external DPO acting under a service contract. Given the shortage of trained and experienced personnel, outsourcing this requirement can also be an extremely cost-effective solution.