DPO as a service

DPO as a service

  • The complete solution to your data privacy responsibilities under the GDPR.
  • Independent DPO service with unlimited access to our GDPR Advice Line for support.
  • Contact point with your supervisory authority on all data protection matters.
  • Unlimited GDPR Advice Line support.
Enquire today
Price: £9,000.00
Excluding VAT

A complete solution to your GDPR DPO responsibilities

This all-encompassing service fulfils your DPO responsibilities under Articles 38 and 39 of the GDPR.

It includes:

  • A truly independent DPO with no conflict of interest with other business services;
  • Registration as DPO with the relevant supervisory authority;
  • Acting as the contact point with the relevant supervisory authority on all data protection matters;
  • Hands-on support with creating and maintaining your personal data processing register (Article 30 record);
  • Guidance on maintaining GDPR compliance;
  • Facilitation of staff awareness training; and
  • Support to identify personal data processing activities and verify data processing activities are GDPR compliant.

What do you get?

  • A dedicated DPO manager;
  • Unlimited access to the GDPR Advice Service (weekdays) – ask an expert anything you want related to your GDPR concerns;
  • A GDPR gap analysis and remedial action plan (year 1);
  • GDPR compliance monitoring:
    • Includes managing your GDPR compliance action plan.
  • GDPR documentation review (policies and procedures):
    • Includes legal review for suitability and guidance on applicability.
  • Guidance on creating and maintaining your personal data processing register (Article 30 record);
  • Guidance on handling DPIAs (data protection impact assessments), DSARs (data subject access requests), data breach monitoring, management and reporting;
  • Support and advice on delivering GDPR staff awareness training;
  • An annual compliance audit (from year 2);
  • Monthly activity reports and quarterly management reports.

How the GDPR Advice Service works

Organisations subscribing to the DPO as a Service also get unlimited access to the GDPR Advice Line, which includes:

  • Guidance from experienced data privacy consultants on GDPR and data privacy issues and the record of processing activity (Article 30 record).
  • Point of contact for DSARs and data breaches.
  • Monthly newsletter on important GDPR updates.


  • Support is available between Monday and Friday, 9:00 am – 5:00 pm.
  • Suitable for organisations where a DPO is required.

Why outsource your DPO to GRCI Law?

Accessing specialist expertise from experienced DPOs with the right skill set to navigate the data processing and data security landscape can be difficult, time-consuming and expensive. By outsourcing to us, your organisation benefits from:

  • Access to a team of expert DPOs with a proven track record;
  • Cost savings in recruitment, employment and retention;
  • Truly independent DPOs, which means there are no conflicts of interest between the DPO and other business services;
  • Access to a team of experts working at the leading edge of their field with visibility of the latest trends and application of best practice; and
  • A service that is flexible according to your organisation’s needs, with pricing to match.

Need more information?

For more information about this service or to get a tailored quote, please enquire below and one of our experts will be in touch shortly.

What are the requirements of the DPO role?

  • Review and provide guidance on privacy policies, procedures and documentation relating to the processing of personal data -GDPR Article 39(1)(a)
  • Oversee the establishment and maintenance of the personal data processing register (the Article 30 record) - GDPR Article 39(1)(a)
  • Advise on the necessity for a DPIA, the manner of its implementation and outcomes - GDPR Article 39(1)(c)
    If needed, the DPIA itself can be undertaken by our sister company IT Governance as a separate service.
  • Provide guidance on data breach monitoring, management and reporting - Article 39(1)(a).
  • Serve as the contact point for data protection authorities for all data protection issues - Article 39(1)(d) and (e).
  • Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, data portability) - Article 38(4)
  • Facilitate GDPR awareness training and the training of staff involved in data processing operations.
  • Monitor compliance with the GDPR - Article 39(1)(b).
    Assist with information collection to identify personal data processing activities; verify GDPR compliance of the processing activities; provide advice and guidance on compliance best practice
  • Produce a quarterly report for senior management to ensure corporate governance of the Regulation.

Why GRCI Law?

We only advise on data protection, privacy, and cyber and information security. Our team of qualified DPOs have decades of experience between them and have advised on, created and delivered effective data protection solutions, including:

  • Privacy and information/cyber security compliance programmes; and
  • Personal data solutions for high-profile organisations, including:
    • Global multinationals;
    • International banks, investment companies and leading law firms;
    • Healthcare providers;
    • World-leading educational institutions;
    • The European Council; and
    • UK law enforcement.
  • You will be supported by a dedicated DPO with access to the wider GRCI Law team’s knowledge and expertise.
  • Many of our clients find that they need more support than just a DPO. Our flexible services can grow with your business and adapt to your needs.

Key Contacts


About us

Led by our management team of experienced DPOs, lawyers, barristers, and information and cyber security experts, we provide DPO, breach, data privacy management, and DSAR support, and associated non-reserved legal services.

We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.


GRCI Law has completed the NHS Data Security and Protection (DSP) Toolkit online self-assessment, which allows organisations to measure their performance against the National Data Guardian’s ten data security standards, providing the assurance to all NHS clients that we are practising good data security and that personal information is handled correctly. If you process NHS patient data in any capacity, GRCI Law can assist you with all your data privacy requirements.

If you need support to comply with the DSP Toolkit, our sister company IT Governance offers several options to help you meet the exacting requirements.


Stay in touch

Stay up to date with the latest industry news on our blog.

Follow us on social media


Speak to an expert

If you have any queries or you’re unsure of how to progress, please get in touch with our team of experts, who will be able to assist with your enquiry and provide guidance options.

Enquire today