Skip to Main Content
Steer your organisation safely through 2021 and navigate to cyber safety with IT Governance. Find out how
DPO as a Service

Data Protection Officer (DPO) as a Service

SKU: 4855
Format: Micro 1 - 10 employees
Published: 23 Jun 2020
Availability: Available
Format: Small 11 – 250 employees
Published: 23 Jun 2020
Availability: Available
Format: Medium 251 – 499 employees
Published: 23 Jun 2020
Availability: Available
Format: Corporate 500 – 1000 employees
Published: 23 Jun 2020
Availability: Available
  • A complete solution to your data protection officer (DPO) responsibilities under the General Data Protection Regulation (GDPR).
  • Benefit from a dedicated, independent DPO who has no conflict of interest with other business services.
  • GDPR documentation review, gap analysis and remedial action plan.
  • Unlimited access to the GDPR Advice Service – get answers to your GDPR questions quickly.
  • An official contact point with your supervisory authority on all data protection matters.
  • DPO as a Service is an annual subscription product that is billed monthly. (T&Cs apply)  

Virtual DPO services are provided by IT Governance’s sister company GRCI Law Limited, a specialist in data privacy, cyber security, and legal and compliance advisory services.

 COVID-19: remote delivery options

We want to reassure our clients that all consultancy services will go ahead as scheduled during the COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow us to provide consultancy services remotely where necessary. Please also refer to our COVID-19 policy.

Price: £750.00
ex. VAT

Data Protection Officer as a Service

DPO as a Service (DPOaaS) is a practical and cost-effective solution for organisations lacking the requisite expertise to fulfil their DPO duties under the GDPR and DPA 2018.

By outsourcing DPO tasks to a virtual DPO, you get direct and fast access to expert advice and data protection law guidance. Our specialists will help you address the compliance obligations of the GDPR while staying focused on your core business activities.

In addition, you are assured of a genuinely independent DPO with no conflict of interest with other business services.

Why outsource your DPO?

Appointing a DPO is mandatory for all public authorities and many private organisations under the GDPR and DPA 2018. Even where the GDPR does not explicitly require a DPO appointment, it is highly encouraged as a matter of good practice and to demonstrate compliance.

Many organisations, particularly smaller ones, may find that the DPO responsibilities are a challenge to deliver, given the breadth of knowledge required of data processing and data security operations and the requisite familiarity with the legal aspects of the GDPR and DPA 2018.

The Regulation allows organisations to outsource the DPO role to an external provider. With a shortage of individuals trained to handle DPO responsibilities, a virtual DPO can help your organisation address its regulatory compliance demands quickly and cost-effectively.

A complete solution to GDPR and DPA 2018 compliance

This all-encompassing GDPR DPO service fulfils your DPO responsibilities under Articles 38 and 39 of the GDPR. It includes:

  • Registration as DPO with the relevant supervisory authority;
  • Acting as the contact point with the relevant supervisory authority on all data protection matters;
  • A dedicated DPO manager;
  • GDPR compliance monitoring, which includes managing your GDPR/DPA 2018 compliance action plan;
  • A GDPR/DPA 2018 gap analysis and remedial action plan (year 1);
  • An annual compliance audit (from year 2);
  • Hands-on support with creating and maintaining your personal data processing register (Article 30 record);
  • Advising on data protection and maintaining compliance with the GDPR/DPA 2018;
  • Facilitating staff awareness training;
  • Support to identify personal data processing activities and verify that the data processing activities are GDPR compliant;
  • Documentation review (policies and procedures), which includes a legal review for suitability and guidance on applicability;
  • Advice on handling DPIAs (data protection impact assessments), DSARs (data subject access requests), data breach monitoring, management and reporting; and
  • Monthly activity reports and quarterly management reports.

Includes unlimited access to the GDPR Advice Service

  • Receive unlimited GDPR/DPA 2018 advice and support from data privacy experts on any GDPR and data privacy issues (as they relate to the UK).
  • Get direct access to a team of experienced data privacy lawyers and DPOs.
  • Ask your expert any question about complying with the GDPR or other data privacy challenges.
  • Receive a monthly newsletter on important GDPR/ DPA updates.
  • Enjoy discounts on additional hours for execution/implementation.

Benefits of an outsourced data protection officer

A virtual DPO is a practical and cost-effective solution to achieve GDPR and DPA 2018 compliance.


Direct access to independent DPO expertise.


Get unlimited GDPR advice and guidance.

  Professional expertise

Application of best practice in achieving and maintaining compliance with the GDPR and DPA 2018.


No conflict of interest between the DPO and other business activities.

  Reduce costs

Outsourcing the DPO role saves you costs in recruitment, internal training and other overheads usually associated with full-time employees.



  • The service is available from Monday to Friday, 9:00 am – 5:00 pm, excluding public holidays.
  • The service excludes specific implementation work, such as undertaking a DSAR, reporting or dealing with a data breach, updating policies, drafting contracts, etc.
  • The service is suitable for organisations where a DPO is not required.


  • Your first payment will be taken on the day of purchase, and you will be billed monthly after that. (T&Cs apply)
  • This is a one-year minimum contract that is paid monthly. If you cancel your subscription within the first year, the balance will still be payable.

Need more information?

For more information about this service or to get a tailored quote, please enquire below, and one of our experts will be in touch shortly.

Enquire about this service

Why GRCI Law?

DPOaaS is delivered by IT Governance’s sister company GRCI Law and has been developed specifically to cater to the needs of organisations trying to comply with the GDPR and DPA 2018.

  • Unlike other organisations, GRCI Law is a specialist legal consultancy, which only advises on data protection, privacy and cyber security.
  • GRCI Law’s team of qualified lawyers and DPOs have decades of experience in privacy and information/cyber security compliance programmes, and personal data solutions for high-profile organisations.
  • GRCI Law takes a strategic approach to assessing and managing your data privacy needs, aligning standards and best practices with your operational and business requirements.
  • As a sister company of IT Governance, you have direct access to cyber security specialist expertise, if needed.
  • The GRCI Law team has experience with global multinationals, international banks, investment firms and leading law firms, healthcare providers, world-leading educational institutions, the European Council, and UK law enforcement organisations.

Customer Reviews

This website uses cookies. View our cookie policy
WIN £100