Outsourced Data Protection Officer (DPO)
Bruce & Butler provide a tailored fully managed and outsourced data protection service that ensures an independent, professional and informed approach is carried out by dedicated industry professionals.
Bruce & Butler can perform the role of Data Protection Officer (DPO), as laid out in Article(s) 37, 38 and 39 of the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
Do we require a DPO?
Yes, required by law, if you meet any of the following 3 criteria:
- Where the processing is carried out by a public authority or body;
- Where the “core activities” of the Data Controller or Data Processor consist of processing operations which require regular and systematic monitoring” of data subjects on a “large scale”; or
- Where the “core activities” of the Data Controller or Data Processor consist of processing on a “large scale” of “special categories of personal data” or data relating to criminal convictions and offences.
You can also appoint a Data Protection Officer on a voluntary basis to give assurance and demonstrate accountability.
Outsourcing the DPO role is simple – you immediately benefit from the following:
- A dedicated point of contact to provide a consistent and personal service. External DPOs can make use of their best practice experience from other companies for your organisation’s benefit, creating a synergy effect;
- Practical and cost effective. The packages offered by Bruce & Butler may well be more price-effective than then long-term costs of deploying your own staff resources.
- External and independent assurance free from any conflict of interest. CEOs, Head of IT, HR, Marketing and Legal Advisors are in general unable to act as appointed DPOs, which can make selecting a DPO more challenging;
- Guidance & advice from dedicated industry professionals. Organisations are required to appoint a DPO based on professional experience. We have the specialist knowledge and have received advanced training without you having to pay for it;
- Ensures the DPO requirements, under GDPR Articles 37-39, are met. Organisations experiencing difficulty recruiting a qualified and experienced DPO can appoint an outsourced DPO in the short to medium term to fill the gap.