Skip to Main Content
Save 25% on selected auditor training courses. Find out more
Data Protection Officer (DPO) as a Service

Data Protection Officer (DPO) as a Service

SKU: 4855
Format: Consultancy
  • Data Protection Officer as a Service offers a complete solution to your data protection officer responsibilities under the General Data Protection Regulation (GDPR).
  • Benefit from a dedicated, independent DPO who will provide unlimited support and act as an official point of contact with your supervisory authority on all data protection matters.
  • This service includes a GDPR documentation review, gap analysis and remedial action plan.
  • DPO as a Service is a subscription product that is billed monthly. (T&Cs apply)  

Virtual DPO services are provided by IT Governance’s sister company GRCI Law Limited, a specialist in data privacy, cyber security, and legal and compliance advisory services.

To purchase online, please see the DPO as a Service on the GRCI Law website.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Data Protection Officer as a Service

DPO as a Service (DPOaaS) is a practical and cost-effective solution for organisations lacking the requisite expertise to fulfil their DPO duties under the GDPR and DPA 2018.

You get direct and fast access to expert advice and data protection law guidance by outsourcing DPO tasks to an external DPO. Our specialists will help you address the compliance obligations of the GDPR while staying focused on your core business activities.

In addition, you are assured of a genuinely independent DPO with no conflict of interest with other business services.

Why outsource your DPO?

Appointing a DPO is legally required for all public authorities and many private organisations under the GDPR and DPA 2018.

Even where the GDPR does not explicitly require a DPO appointment, it is highly encouraged to demonstrate compliance as a matter of good practice.

Many organisations, find that the DPO responsibilities are a challenge to deliver, given the breadth of knowledge required of data processing and data security operations and the requisite familiarity with the legal aspects of the GDPR and DPA 2018.

The Regulation allows organisations to outsource the DPO role to an external provider. With a shortage of individuals trained to handle DPO responsibilities, a virtual DPO can help your organisation address its regulatory compliance demands quickly and cost-effectively.

A complete solution to GDPR and DPA 2018 compliance

This outsourced data protection officer service fulfils your DPO responsibilities under Articles 38 and 39 of the GDPR. It includes:

  • Registration as DPO with the relevant supervisory authority.
  • Acting as the contact point with the relevant supervisory authority on all data protection matters.
  • A dedicated data protection officer, available for unlimited email and telephone advice.
  • GDPR compliance monitoring, which includes managing your GDPR/DPA 2018 compliance action plan.
  • A GDPR/DPA 2018 gap analysis and remedial action plan (year 1).
  • An annual compliance audit (from year 2).
  • Hands-on support with creating and maintaining your personal data processing register (Article 30 record).
  • Advising on data protection and maintaining compliance with the GDPR/DPA 2018.
  • Facilitating staff awareness training.
  • Support to identify personal data processing activities and verify that the data processing activities are GDPR compliant.
  • GDPR documentation review (policies and procedures), which includes a legal review for suitability and guidance on applicability.
  • Advice on handling DPIAs (data protection impact assessments), DSARs (data subject access requests), data breach monitoring, management, and reporting; and
  • Monthly activity reports and quarterly management reports.

"Using a structured approach by developing a milestone plan for GDPR compliance for our company, I was able to utilise the guidance and expert knowledge provided by GRCI Law, to deliver the first milestone on time.

The advice given is in a pragmatic easy to understand way and very defined to our business. The continued relationship with this company is providing us with compliance and legal information to avoid any GDPR pitfalls but also, I am confident, will improve our score with GRESBY (Global Real Estate Sustainability Benchmark).

Of note is the professional first-class guidance our GRCI Law Consultant provides on 3rd party data sharing, PECR rules, advice around cookies and IT systems generally.

GRCI Law also have the backup facilities for a continuous service and legal specialist to help with those DPA, data sharing agreements and supplier contract issues."

- A. Goldston, GDPR Officer, Farnborough Airport


"We are a relatively small organisation, and rely on GRCI Law to provide external DPO support. They are able to provide domain knowledge and expertise that we do not have in–house. We have a named person (Sian Wright) who acts as our DPO. She is approachable and quick to respond, has a good understanding of the sector that we are in and the sort of issues that we are facing, and really makes an effort to look into the specifics of every issue that we raise, and offer practical workable solutions. She meets regularly with our working group and is able to provide support and advice on the GDPR-related matters that they raise. And in between meetings she is quick to respond to direct queries."

- Peter Alsop, Finance Bursar, Wadham College, Oxford


"If you require outsourced data protection support for your GDPR compliance, we highly recommend working with GRCI Law. As a specialist in data protection, privacy and cyber and information security law, our DPO has not only provided expert guidance, but she has taken the time to meticulously understand our business and tailors her advice based on the industry in which we operate. The service that is offered is both efficient and flexible and through a mixture of on-site meetings and video calls, it feels as though she has become one of the team! "

- Vickita Reddy, Director of Marketing & Brand – Aviator & The Swan


Benefits of an outsourced data protection officer

A virtual DPO is a practical and cost-effective solution to achieve GDPR and DPA 2018 compliance.


DPOaaS provides access to independent DPOs who can offer fast and efficient advice on data protection compliance.


Get unlimited access to GDPR experts who can offer advice and guidance on compliance-related issues.

  Professional expertise

Our team of data privacy experts can help your organisation with compliance-related tasks, such as data mapping, incident response, and risk assessments.


DPOaaS provides your organisation with an independent DPO. This avoids any potential conflict of interest between the DPO and other business activities.

  Reduce costs

Outsourcing the DPO role saves you costs in recruitment, internal training and other overheads usually associated with full-time employees.



  • The service is available from Monday to Friday, 9:00 am – 5:00 pm, excluding public holidays.
  • The service excludes specific implementation work, such as undertaking a DSAR, reporting or dealing with a data breach, updating policies, drafting contracts, etc.
  • The service is suitable for organisations where a DPO is not required.


  • Your first payment will be taken on the day of purchase, and you will be billed monthly after that. (T&Cs apply)
  • This is a one-year minimum contract that is paid monthly. If you cancel your subscription within the first year, the balance will still be payable.

Need more information?

For more information about this service or to get a tailored quote, please enquire below, and one of our experts will be in touch shortly.

Enquire about this service

Why GRCI Law?

DPOaaS is delivered by IT Governance’s sister company GRCI Law. Our GDPR DPO services have been developed specifically to cater to the needs of organisations trying to comply with the GDPR and DPA 2018.

  • Unlike other organisations, GRCI Law is a specialist legal consultancy that only advises on data protection, privacy, and cyber security.
  • GRCI Law’s team of qualified lawyers and DPOs have decades of experience in privacy and information/cyber security compliance programmes and personal data solutions for high-profile organisations.
  • GRCI Law takes a strategic approach to assessing and managing your data privacy needs, aligning standards and best practices with your operational and business requirements.
  • As a sister company of IT Governance, you have direct access to cyber security specialist expertise, if needed.
  • The GRCI Law team has experience with global multinationals, international banks, investment firms and leading law firms, healthcare providers, world-leading educational institutions, the European Council, and UK law enforcement organisations.

"GRCI Law have been appointed as The GORSE Academies Trust Data Protection Officer (DPO) for more than 2 years now. As well as fulfilling the legally required role of DPO, GRCI Law provide in-depth and insightful advice on a range of matters, both formally and informally. This advice includes:

  • responding to Subject Access Requests and Freedom of Information requests;
  • handling minor data breaches including communications with stakeholders, rectifying issues and ensuring risk of repeat is minimised, and were appropriate reporting to the ICO;
  • developing Data Protection Impact Assessments and signing off the final assessments;
  • advice and comments on policies and procedures;
  • and overall strategic advice in developing a robust culture and ethos as a member of the trust’s GDPR Strategic Board.

The advice is always timely and considered, covering both legal requirements but also practical advice in ensuring data protection within the trust is deliverable by the trust and their staff at all levels of the organisation. GRCI Law understands the trust and the personal data we process, and has fully engaged in getting to know our business. This ensures advice is specifically tailored to our setting and organisation, which is invaluable in ensuring actions are implementable and does not unduly disrupt the effective running of our academies.

The access to expert legally compliant advice, alongside timely, proactive and practical assistance to ensure data within the trust is protected is an invaluable service, ensuring the trust can meet it’s legal and moral duties to protect the personal data we hold on behalf of the many thousands of individuals we serve."

- Richard Amos, Strategic Lead Officer, The GORSE Academies Trust


"OASIS Group has used the legal services of GRCI Law over the last few years for data protection matters.

We are provided with legal experts who are dedicated to our account which gives us full continuity of service. These experts have worked on the ‘other side of the fence’, having come from industry, so they really understand the challenges that businesses face when dealing with the complexities of regulations and legislation. Their advice is always simple and pragmatic, and is provided in a way that supports our business rather than in a way that could work against it. They always put our interests first, but at the same time they will balance these against legal or regulatory requirements so that we always do the right thing.

They work across multiple functions in our business rather than just with one individual. This equips them with all of the knowledge that they need to provide us with the right level of support.

The real value of their services comes from their technical knowledge and expertise in data protection law, they always keep up to date with the outcome of data protection legal cases and case law which often set the precedent for their future application. This ensures that we do not fall foul of the law due to the grey areas that sometimes exist.

Our legal representatives are also extremely responsive. When we call on their services, we require a very fast response so that there is no disruption to the service that we provide to our clients. They will always respond within hours, they never let us down, which means that the service we provide to our clients is seamless and reliable.

We have full confidence and faith in their advice. They are true partners and in fact, we regard them as part of our team, we are very grateful for all of their support."

- Nicola Simpson, Group Compliance and Audit Director, Oasis Group


Customer Reviews

SAVE 25%