Outsourced DPO – Managed Data Protection
What is an Outsourced DPO Data Protection Service?
Here at Fox Red Risk, we know that there is no single tool that can make your organisation 100% GDPR compliant, so we tailor an approach to GDPR and PECR compliance that is appropriate for your organisation's specific needs. Whether your business is large or small, Fox Red Risk can help get you on track with GDPR compliance by providing you with a bespoke Data Protection Service through an Outsourced DPO.
Fox Red's Data Protection Service is for organisations that are required by new legislation to appoint a Data Protection Officer but simply don't need a full-time DPO. The Data Protection Service is also for organisations where someone internal has been assigned the role but needs some expert help. The authors of the General Data Protection Regulation (GDPR) understood that these situations can arise and so permit a third party to carry out or support the role.
Is an Outsourced DPO expensive?
A Data Protection Service model can be surprisingly cost-efficient compared to an in-house model, even at scale. The key benefits are on-tap expertise and paying only for what you need, both of which should lead to reduced data protection risk.
A Data Protection Service can also be a good option if you already know you have very little in place and want to get compliant quickly with minimum pain. Fox Red Risk's Data Protection Service can provide your organisation with the tools, templates, policies and procedures needed to support your compliance activities. Not only that, but you get subject matter experts who know the data protection regulation inside out.
We keep costs low by using a network of trained Data Protection associates that can expand and contract with demand. We then pass those savings on to you.
What’s included in the core Data Protection Service?
The following are core components of the Data Protection Service (DPaaS):
- Fox Red Risk will become your organisation's appointed Data Protection Officer and perform the statutory tasks laid out in Article 39 of GDPR
- Fox Red Risk will be the point of contact for Data Subjects wishing to make contact with your organisation
- A Data Protection Specialist will conduct an initial Gap Analysis and make recommendations
- A Data Protection Specialist will work with your organisation to ensure your privacy notices, data protection policies and procedures are adequate to meet the requirements of GDPR
- A Data Protection Specialist will support the organisation during a statutory audit by the data protection authority
- GDPR & PECR Employee Awareness Computer Based Training
- Periodic Management Reporting (either Monthly or Quarterly)
What are the variably costed aspects of the Data Protection Service?
Depending on the size and needs of your organisation, the following aspects of a data protection service can also be provided:
- Advice and Guidance on GDPR Compliance*
- Advice and Guidance on PECR Compliance*
- Supporting the Information Audit Process*
- Support to the Privacy by Design and Default activities*
- Consulting on Data Protection Impact Assessment (DPIA) process*
- Support for the Subject Access Request Process*
- Advice relating to Outsourcing / Procurement as it relates to Data Protection*
*in excess of the days/credits included as part of the core service
What is an Outsourced DPO?
The Data Protection Officer is a person appointed to oversee a Data Controller or Data Processor and their activities pertaining to the processing of personal data of EU Data Subjects. A DPO must be independent and neutral, with a strong knowledge of Data Protection law and associated practices (e.g. Privacy by Design, Data Protection Impact Assessments or Subject Access Requests).
Data Protection knowledge alone is not enough, however. The DPO should also have contextual expertise in the industry or sector in which they operate. If a DPO works in a regulated industry such as Financial Services, then knowledge of the other relevant regulation will also be essential.
The Data Protection Officer will not only require knowledge of Data Protection law and sector-specific expertise but will also need a high level of personal integrity and professional ethics. It will be incumbent on the DPO to act as a trusted advisor who can balance the risks to Data Subjects against the needs of the organisation.
Transformation Programme Management
Don’t know where to start or don’t have the internal resources to manage your GDPR Data Protection transformation programme? Fox Red Risk can help.
Want to go it alone?
We recognise that an outsourced DPO data protection service is not for everyone; some smaller organisations just want to gain the core knowledge and apply it to their own organisation without additional help. If that is the case, our Managing Director has written a highly accessible GDPR practitioner guide which is available on our website and also on Amazon (External Link).
Want to know more about GDPR and PECR from the UK Regulator?
There are lots of useful guides and articles from the UK's Data Protection Regulator, the Information Commissioner's Office (ICO) (External Link).
The ICO now has a dedicated line to help SMEs with GDPR. This advice line offers help to small organisations in complying with the new data protection law, including the General Data Protection Regulation. The phone service is aimed at people running small businesses or charities. To access the new service, dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. As well as advice on preparing for the General Data Protection Regulation, callers can also ask questions about current data protection rules and other legislation regulated by the ICO, including electronic marketing and Freedom of Information.