Six months on from GDPR enforcement, it’s more important than ever that your organisation’s DPO is aware of the issues and rules surrounding data protection. No matter how big or small your business is, keeping your data safe should now be habit – but the rules surrounding the need for a DPO aren’t quite as well known.

Keeping to the Rules: why your business needs a Data Protection Officer (DPO) you can rely on in 2019

Cutting through the jargon: What is a DPO?

While every individual in your organisation should, at the very least, be aware of the implications of GDPR, it’s probably naive to expect that your whole team has a clear understanding of the risks that come with every step of data processing you take. That’s where a DPO, or Data Protection Officer, comes in.

A DPO is an individual designated to control and check up on the data systems and procedures within your organisation. A DPO is mandatory if you are a public authority, or you process sensitive data on a large scale.

It’s never a bad thing to make sure you have a full understanding of what GDPR means for your business – and this is where a DPO has the skills to clarify how GDPR specifically applies to your circumstances.

As mentioned earlier, public authorities who regularly process whole batches of personal information, appointing a DPO is an absolute must – but for smaller businesses, a DPO can act as a safeguard and potential GDPR mishaps.

Perhaps most importantly, a DPO will demonstrate your business’s compliance with GDPR, meaning that if you do suffer a data breach, you can prove that you were taking steps to protect any personal information in your possession. The DPO acts as a point of contact both within your organisation, and between your organisation and the Information Commissioner’s Office.

Say you’re unsure about the access requirements for a particular set of data, or you want to check your privacy settings are as watertight as possible – the DPO will be able to advise on the correct processes so that you can be absolutely sure that you’re remaining compliant.

This also means that the DPO can inform the ICO if any high risk processing is identified. By having a clear point of contact through your DPO, your business can avoid letting any dangerous data processing slip through the net, meaning you can potentially avoid some very damaging fines.

Finally, your DPO is also responsible for leading any training sessions to raise awareness of GDPR regulations within your organisation. With the constantly changing nature of cyber threats and malicious software threatening to steal your data, it can be difficult to stay ahead of cyber attacks.

A DPO will have the expert knowledge needed to train your team to spot these threats before they can threaten your GDPR compliance. In this way, appointing a DPO is a measure you can take to future-proof your business, as well as making sure your data is protected in the present.

So you know you need a DPO: What next?

Regardless of your business size, it’s important to make sure you leave no stone unturned when it comes to GDPR. As has been widely reported, significant fines could be put into place if your business fails to meet data safety requirements.

Luckily, the GDPR regulations aren’t too constricting when it comes to the kind of person that should take up the DPO role.

Article 37 states that ‘the DPO shall be designated on the basis of professional qualities and in particular, expert knowledge of data protection law and practices’.

This means that as long as they have a thorough understanding of the processes they are monitoring, and which of those processes aren’t following the rules, your DPO isn’t restricted to a certain kind of person.

The DPO should not be an existing staff member because they are not independent, impartial or free of consequences to action data protection issues due to their employee contract.

Whilst the public sector may have budget or shared resources available to secure the services of a DPO, many small businesses simply don’t have the money within their organisation to deliver full scale data security, which puts them at risk of missing high-risk data processing.

In the case of a cyber-attack on your business, an external DPO will work to minimise the potential damage to both you and your clients as far as is possible. From day to day data processing to knowing how to handle a data breach, having an external skilled resource of GDPR knowledge to lean on means that you can focus on your business growth, rather than  GDPR compliance.

Whether you’re looking for DPO as a service, or need support in managing your data processes in house, we can help you to make sure each and every part of your business is compliant. Contact us for information about how our “DPO as a Service” could be a cost effective and efficient way of minimising cost, fines and reputational damage.

Get in Touch

(Read Data Terms Policy)

Client Feedback

We are delighted to be working with CIS, the project is already looking well organised and innovative. CIS delivers a prompt professional service with trusted knowledge we can rely on at all times.

John Story, Head of IT

St Paul’s Cathedral

CIS have been our go-to IT supplier for nearly 20 years, and throughout that time they have been flexible, consultative, and above all putting our business at the forefront of their advice. I would be very pleased to recommend them for any company that needs to have a real partnership with their IT company.

Graham Hughes, Managing Director

Rovema UK Ltd


Keep Up To Date


CIS Overview



  • CIS Private Cloud
  • Infrastructure as a Service
  • Backup & Disaster Recovery
  • Remote Desktop Services


  • Anti-Virus & Ransomware
  • Extensive Encryption
  • Firewall & Next-Gen UTM
  • Penetration Testing
  • Digital Rights Management
  • Phishing
  • Mobile Device Management


  • Exchange Server Hosted & On Prem
  • Mail365
  • Unified Communications
  • Office 365
  • Mobile & VoIP Telephony
  • Internet Connectivity


  • Consultancy
  • Analysis & Audit Services
  • User Training & Enablement
  • Fully Managed Support


Since its inception in 1989 CIS’ philosophy has always been the same. We believe that in order for our team mates to provide the best possible service to our clients and to remain motivated and inspired themselves, we have to create a positive and stimulating working environment. One that encourages ambition, a continued exchange of ideas and dialogue, hard work, performance and loyalty. We have always rewarded our staff for going the extra mile and for embracing our company ethos but we also aim to make their working experience enjoyable and fun, working on the basis that humour can go a long way and fairness and respect are paramount.



Even though we say this ourselves, our portfolio is first class. We offer a range and quality of Cloud Services that can cater for all our customers’ business goals and aspirations. It’s our job to find the perfect solution for your requirements and you’ll benefit from the research and development carried out by our team to find the ideal system solutions for you.



Partners are vital to the ongoing success of our company so we nurture our award-winning network of like-minded organisations, building up mutual trust and respect in our working practices that can only benefit our customers.



It has always been of key importance to CIS to achieve high levels of productivity and to ensure that we remain s highly effective, lean and fast-moving organisation. It allows us to keep ahead of the game and to spot and act upon new products and trends whenever possible. By keeping on our toes, we can pass on benefits to our clients and partners without the need for time consuming learning curves.