DPO as a Service

Does your business require a Data Protection Officer?

Data controllers and processors must designate a DPO in any of these three situations:

  1. Where the processing is carried out by a public body
  2. Where the core activities require regular and systematic monitoring of data subjects on a large scale
  3. Where core activities of a controller or processor involve large-scale processing of sensitive personal data, or personal data relating to criminal convictions/offences

What is a DPO?

A Data Protection Officer (DPO) is a position within an organisation that acts as an independent advocate for the proper care and use of personal information. Under the General Data Protection Regulation (GDPR) all businesses that hold any form of personal information on any individual within the European Union, may need legally appoint a data protection officer.

How can we help?

CIS offers a DPO as a Service (DPOaaS) approach to the GDPR, through the consultancy of establishing your processes, security, implementing the necessary changes, being responsible for suggesting a change to the business and then continually updating the business as compliance and legislation changes. The DPOaaS will offer housekeeping visits to deal with any issues or questions arising and will also assist with all Data Subject Access Requests.

Finally, the DPOaaS will be on hand when there is a breach, to help guide the business through the notifications processes and the ‘what to do next’ – enabling the organisation to minimise the potential enforcement actions imposed by the ICO.