Appointing a DPO

The Problem

Whether you are required to appoint a Data Protection Officer under GDPR or have decided to make a voluntary appointment, there are two fundamental requirements of the DPO position - Independence and Expertise. Both of these characteristics are needed to ensure your DPO is in a position to make a real difference to your privacy culture and provide your organisation with the protection and confidence to move forward, allowing your staff to concentrate on their 'real job' and do what they do best. Your DPO needs to be Available when needed, in the way which fits best with the way your staff and responding in the timescales they need.


The best way for your DPO to be able to protect your organisation is for them to be able to demonstrate their independence and how they protect the rights of individuals. Putting aside this is a requirement in law, it also increases the confidence your staff, customers and business partners have in your appointment of a DPO. Fundamentally, you must be able to demonstrate that there is no conflict of interest between their tasks as DPO and any other role they may fulfil. A number of roles such as those with a senior management position, heads of IT or HR and even some legal advisers have been identified as having a potential conflict of interest.


You wouldn't appoint a head of information security unless they were able to demonstrate expertise and experience of the technical issues at hand. Your DPO is required to have expert knowledge of data protection, not just GDPR. They should have knowledge across all the data protection regimes which apply to your organisation but also the professional and personal qualities which enable them to understand the way your organisation operates and how to implement a privacy friendly culture. This means that more than technical knowledge is required and skills such as operational experience, project and change management can make a real difference to the benefit you see from appointing your DPO.


Your DPO should be able to commit the time neccesary to perform their tasks as required by legislation. This may not always be possible for an internal appointee who has other responsibilities - even when they do not conflict with those of the DPO. Most importantly, your DPO needs to be accessible to your staff, customers and the ICO in an easy and timely manner. For some organisations, this will involve being on site but for most it involves making it easy to get in touch using a number of different means such as email, phone and online contact systems.

Our Solution

Our Data Protection Officer managed privacy service is tailored to your organisation's needs but starts with the appointment of a named individual with internationally recognised data protection qualifications and senior operational management experience to act as your DPO.

Your DPO will inform and advise your management and staff about their obligations under data protection laws and help manage compliance in areas such as:
- Lawful basis for processing 
- Data Protection Registers
- Personal Data Risk Classification
- Staff Awareness and Training
- Personal Data Handling Standards
- Supplier Management
- Policies and procedures 
- Data Protection Impact Assessments
- Privacy by Design & Default
- Risk management
- Incident Management
- Data Subject Rights
Your DPO will have the skills to engage multiple stakeholders across your organisation and will be responsible for providing regular metrics based reports on the progress of your privacy programme.

Tell us how we can help


Your DPO is available through a number of means including regular onsite presence and telephone. Access is given to all members of your staff, customers and business partners as the situation requires. We also make use of technology to ensure interaction with your DPO is as easy and trackable as possible.
  • 24/7/365 telephone line answered in your company name.
  • email led online ticketing system to ensure agreed SLAs are met.
  • time tracking tools to account for budget spend.
  • online access to your DPO's diary.

Test us out for free

Have a data protection query you would like answered? Book a free 30 minute online meeting with a DPO or submit a ticketed data protection query.