Skip to Main Content
Coronavirus update: We are open as usual for business. All our consultancy, training, testing and auditing services can be delivered online as normal. Find out more.
GDPR DPO as a service

GDPR DPO as a service

SKU: 4855
Format: Consultancy

DPO as a Service (DPOaaS) is a practical and cost-effective solution for organisations that don’t have the requisite data protection expertise and knowledge to fulfil their DPO (data protection officer) obligations under the DPA 2018 and GDPR.

By outsourcing DPO tasks and duties to a managed service provider, you get access to expert advice and guidance that helps you address the compliance demands of the GDPR while staying focused on your core business activities.

This service is provided by IT Governance’s sister company GRCI Law Limited, a specialist in data privacy, cyber security, and legal and compliance advisory services.

 COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Outsourcing the DPO role

The GDPR/DPA 2018 recognise the DPO as a key player in facilitating regulatory compliance. Appointing a DPO is mandatory for all public authorities and many private organisations. Even where the GDPR does not specifically require the appointment of a DPO, it is highly encouraged as a matter of good practice and to demonstrate compliance.

Many organisations, particularly smaller ones, may find that the DPO responsibilities are a challenge to deliver, given the breadth of knowledge required of data processing and data security operations, and the requisite familiarity with the legal aspects of the DPA and GDPR.

The Regulation allows organisations to outsource the DPO role to an external provider. With a shortage of individuals trained to handle DPO responsibilities, outsourcing these tasks and duties can help your organisation address the compliance demands of the DPA and GDPR while staying focused on your core business activities.

Benefits of an external DPO

  • Practical and cost-effective solution to achieve DPA and GDPR compliance.
  • Access to independent DPO expertise not available internally.
  • No conflict of interest between the DPO and other business activities.
  • Application of best practice in achieving and maintaining compliance with the DPA/GDPR.
  • Cost effective compared to an internal appointment.
  • Access to DPA and GDPR training and compliance solutions.


With this annual subscription service, you will be supported by a qualified DPO team that will serve as the independent data protection expert to your organisation as set out in the GDPR.



< 20


21 – 500


> 500
Dedicated support from a qualified DPO team
GDPR/DPA 2018 gap analysis and report
Prerequisite for the DPO service.
Provide virtual advice and guidance to the organisation on GDPR/DPA compliance Up to 48 hours’ consultation per year Up to 96 hours’ consultation per year Up to 192 hours’ consultation per year
The annual consultation allowance includes the following:      
Review and advise on privacy policies, procedures and documentation relating to the processing of personal data - Art. 39(1)(a)
Oversee the establishment and maintenance of the personal data processing register (the Article 30 Record) - Art. 39(1)(a)
Advise on the necessity of a data protection impact assessment (DPIA), the manner of its implementation and outcomes - Art. 39(1)(c)
The DPIA can be undertaken by IT Governance as a separate service
Provide guidance on data breach monitoring, management and reporting - Art. 39(1)(a)
Serve as the contact point for data protection authorities for all data protection issues - Art. 39(1)(d) and (e)
Provide advice and guidance on responses to privacy rights requests from individuals (information, access, rectification, objection, erasure, right to data portability) - Art. 38(4).
The process management of privacy rights requests is not within the scope of the DPO service
Facilitate GDPR awareness training and the training of staff involved in data processing operations
GDPR Foundation and Practitioner training recommended for the internal data protection representative.
Monitor compliance with the GDPR - Art. 39(1)(b)
Assist clients with information collection to identify personal data processing activities; verify GDPR/DPA compliance of the processing activities; provide advice and guidance on compliance best practice
Quarterly report for senior management to ensure corporate governance of the Regulation
Why GRCI Law

Why choose GRCI Law?

DPOaaS is delivered by IT Governance’s sister company GRCI Law and has been developed specifically to cater to the needs of organisations trying to comply with the GDPR and DPA (Data Protection Act) 2018.

  • Unlike other organisations, GRCI Law is a specialist legal consultancy, which means we only advise on issues related to data protection, privacy and cyber security.
  • GRCI Law’s team of qualified lawyers, DPOs, solicitors and barristers has decades of experience in privacy and information/cyber security compliance programmes, and personal data solutions for high-profile organisations.
  • GRCI Law takes a strategic approach to assessing and managing your data privacy needs, aligning standards and best practices with your operational and business requirements.
  • As a sister company of IT Governance, you have direct access to cyber security specialist expertise, if needed.
  • Our team has experience with global multinationals, international banks, investment firms and leading law firms, healthcare providers, world-leading educational institutions, the European Council, and UK law enforcement organisations.

Download GRCI Law’s corporate brochure to find out more about their services.

Customer Reviews

This website uses cookies. View our cookie policy