DPO as a service

The complete solution to your data privacy responsibilities under the GDPR.
Independent DPO service with unlimited telephone and email advice via a dedicated DPO.
Contact point with your supervisory authority on all data protection matters.
This is an annual subscription service that is charged on a monthly basis. This service auto-renews in line with our terms and conditions.

“GRCI Law provided a thorough gap analysis to help our company achieve GDPR compliance before launching an IoT product in Europe. They were thorough when researching questions we had about data privacy and how to categorise the various pieces of data we collect through our app and IoT device. They also provided DPO services and helped us prepare for Brexit, and we feel prepared for the year to come.” - Business Systems Manager IoT company

Select subscription

Price: £750.00

Excluding VAT

A complete solution to your GDPR DPO responsibilities

This all-encompassing service fulfils your DPO responsibilities under Articles 38 and 39 of the GDPR. It includes:

It includes:

A dedicated DPO as your single point of contact.
A truly independent DPO with no conflict of interest with other business services.
An experienced DPO with a proven track record.

What do you get?

A dedicated DPO manager;
Registration as DPO with the relevant supervisory authority;
A GDPR gap analysis and remedial action plan (year 1) that prioritises key issue your organisation must address to meet compliance with the GDPR and DPA 2018;
GDPR and DPA 2018 compliance monitoring – including managing your GDPR compliance action plan:
Unlimited telephone and email advice within UK business hours via your dedicated GRCI Law DPO consultant;
GDPR documentation review (policies and procedures) including a legal review for suitability and guidance on applicability Hands on support with the creation and maintenance of your personal data processing register (Article 30 record);
Assistance with information collection to identify personal data processing activities, verifying data processing activities are GDPR and DPA 2018 compliant;
Guidance on handling DPIAs (data protection impact assessments), DSARs (data subject access requests), data breach monitoring, management and reporting;
Support and advice on delivering GDPR staff awareness training;
An annual compliance audit (from year 2);
Monthly activity reports and quarterly management reports; and
Monthly newsletter on important GDPR and data privacy updates.

DPO as a service tiers

Micro

1 - 10 employees

Small

11- 250 employees

Medium

251 - 500 employees

Corporate

501 - 1,000 employees

Conditions:

Support is available between Monday and Friday, 9:00 am – 5:00 pm.
Suitable for organisations where a DPO is required.

Why outsource your DPO to GRCI Law?

We only advise on data protection, privacy, and cyber and information security, which means our team has sector-specific knowledge and experience, and visibility of the latest trends, best practice, developments and challenges.

Our clients view us as part of their teams and we are known for our pragmatic, commercial advice. We won’t just identify an issue or advise on the law, we provide you with a practical solution to suit your specific needs.

Access to a team of expert DPOs;
Cost savings in recruitment, employment and retention – finding an experienced DPO with the right skill set and experience can be time consuming and expensive;
A service that is flexible according to your organisation’s needs, with pricing to match.

"We appointed GRCI Law as our Data Protection Officer back in 2018 having decided to outsource this important service. This was for us definitely the right course of action and GRCI Law have supported us in many different ways including data protection for staff training and specialist advice in a wide range of important areas. In particular, the initial data protection audit created a clear action plan for us to follow and we have benefited from having a good and responsive relationship with our appointed leads at GRCI Law."

-Steve Kind Director of Finance and Operations, Association of School and College Leaders

What are the requirements of the DPO role?

Review and provide guidance on privacy policies, procedures and documentation relating to the processing of personal data - GDPR Article 39(1)(a).
Oversee the establishment and maintenance of the personal data processing register (the Article 30 record) - GDPR Article 39(1)(a).
Advise on the necessity for a DPIA, the manner of its implementation and outcomes - GDPR Article 39(1)(c).
Provide guidance on data breach monitoring, management and reporting - Article 39(1)(a).
Serve as the contact point for data protection authorities for all data protection issues - Article 39(1)(d) and (e).
Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, data portability) - Article 38(4).
Facilitate GDPR awareness training and the training of staff involved in data processing operations.
Monitor compliance with the GDPR - Article 39(1)(b).

Why GRCI Law?

Our team of qualified DPOs lawyers, barristers, cyber and information security experts have decades of experience between them and have advised on, created and delivered effective data protection solutions including:

Privacy and information/cyber security compliance programmes; and
Personal data solutions for high-profile organisations, including:

Global multinationals;
International banks, investment companies and leading law firms;
Healthcare providers;
World-leading educational institutions;
The European Council; and
UK law enforcement.

You will be supported by a dedicated DPO with access to the wider GRCI Law team’s knowledge and expertise.
Many of our clients find that they need more support than just a DPO. Our flexible services can grow with your business and adapt to your needs.

Need more information?

For more information about this service or to get a tailored quote, please enquire below and one of our experts will be in touch shortly.

Enquire about this service

Key Contacts

John

Meet the team

About us

We provide a full suite of data privacy services including DPO, breach management, data privacy management, DSAR support, and associated non-reserved legal services.

We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.

Find out more

GRCI Law has completed the NHS Data Security and Protection (DSP) Toolkit online self-assessment, which allows organisations to measure their performance against the National Data Guardian’s ten data security standards, providing the assurance to all NHS clients that we are practising good data security and that personal information is handled correctly. If you process NHS patient data in any capacity, GRCI Law can assist you with all your data privacy requirements.

If you need support to comply with the DSP Toolkit, our sister company IT Governance offers several options to help you meet the exacting requirements.

Stay in touch

Stay up to date with the latest industry news on our blog.

Visit our blog

Follow us on social media

Speak to an expert

If you have any queries or you’re unsure of how to progress, please get in touch with our team of experts, who will be able to assist with your enquiry and provide guidance options.