interim DPO SERVICE
INTERIM DPO SERVICE
Ensure you have the essential cover you need while your Data Protection Officer is away with our interim DPO service. We have the best DPOs on hand to work temporarily within your organisation, offering their knowledge and support.
Our team of qualified DPOs have experience in financial services, retail, IT, health, central and local government, recruitment, education, travel, transport, and leisure services. Because of this, we have the knowledge to hit the ground running in a range of organisations and industries.
why DPAS
INDUSTRY EXPERIENCE
All of our Data Protection Officers have a wide range of public and private sector experience. Including industries such as healthcare, local Government, ambulance services, retail, recruitment, finance, legal, real estate and more.
EXPERT SUPPORT
If you use our interim DPO services at any level, your organisation gets: subject matter expert support, legal support, and technical expertise. We also have a 24/7 breach hotline, dedicated DPO support phone line, and a secure ticketing system.
PEACE OF MIND
You will also benefit from resilience and peace of mind, knowing that there will be always be a DPO from our team available.
HERE WHEN YOU NEED US
By outsourcing your DPO needs, your organisation gets expertise, advice and guidance whenever you need it.
Our interim DPO service includes:
- Named Data Protection Officer with 20 years’ experience, registered with the ICO
- Additional Named Deputy Data Protection Officer
- 24/7 Data Breach Hotline
- Expert advice whenever you need it
- Advice, assurance, and guidance on Data Protection Impact Assessments
- Yearly data protection Audit and Risk Assessment
- Co-operation with the ICO on behalf of the organisation
- Access to full suite of template policies, ready to roll out throughout your organisation
- Ongoing monitoring of compliance to data protection laws relevant to the industry
- Raising awareness of data protection within organisations via monthly staff bulletins.
Ad-hoc inclusions if required:
- Compiling of record of processing activities, including the legal bases for processing data
- Compiling and management of a risk register for the organisation including advice, recommendations, and mitigation
- Gap analysis
- Recommendations for actions required to fulfil data subjects’ rights
- Management of data protection impact assessments
- Recommendations on revised compliance policies and processes
- Information security recommendations
- You get an interim DPO with experience, along with access to knowledge, tools, templates with understanding of all the recent published guidance and case law
- Our interim DPOs are able to hit the ground running
- Avoid fixed cost whilst ‘skills transfer’ to permanent staff takes place
- A safe pair of hands whilst you are recruiting for a permanent DPO
- An interim DPO on site in days rather than months
- Ensures your organisation isn’t at risk and vulnerable while you have no DPO
1. What does being a Data Protection Officer (DPO) entail?
The Data Protection Officer is a role enshrined in the General Data Protection Regulation (GDPR) (Section 4, Articles 37, 38 and 39).
The main responsibilities of a DPO are:
- To inform and advise the Controller or Processor of their obligations under data protection law, regulations and guidance.
- Monitoring compliance with GDPR and any other data protection provisions including; assignment of responsibilities, policies, procedures, awareness-raising and training. This is conducted through assurance and audit activity.
- Supporting data privacy by design efforts at the initial design phase by providing advice, where requested, relating to Data Protection Impact Assessments and monitoring their performance.
- Communicating and co-operating with the Supervisory Authority (The Information Commissioner’s Office – ICO, in the UK) on matters relating to data protection or compliance.
2. I have made a complaint about the Data Controller, what happens next?
As a DPO, we act with an impartial and confidential manner. We will review your complaint and assess the nature of it. If it is in scope with the law and lies within our duties, we may decide to investigate further. It is important to note that this may take some time as we collect all the facts of your case before responding to both you and the Data Controller.
3. How long will it take for my complaint to be resolved?
In order to fully respond to your complaint, we will need time to review the matter, seek further information from the data controller, and assessing compliance with the law, regulations, and policies. We may need to seek advice from the ICO, and time frames will vary depending on each individual case. We are unable to give an exact timescale for the conclusion of our enquiries, but we will communicate frequently to ensure you are informed throughout the process.
4. Will you share my complaint with the Data Controller?
We must work with the Data Controller and the Data Subject to resolve Data Protection concerns. We are employed by the Data Controller who will receive a confidential report – a summary of which you will also receive. Our duty of confidentiality extends to this work. However, we will be as open and transparent as we can when responding. There will be some cases whereby we need to share your personal information. We will only do this if absolutely necessary, and you will be notified prior to it happening.
5. How do I know my case will be handled confidentially?
Under the law, we have a requirement to keep all matters confidential. Within DPAS, the qualified DPOs will be the only individuals investigating your complaint. We will be required to share your details with the Data Controller in some cases to reach a determination of the facts. This will only happen when it is deemed necessary. We are required to retain your information for some time to demonstrate compliance with the law. The details of this can be found in our privacy notice which can be found on our website.
6. Do you act independently to the organisation you are working on behalf of?
We are hired under a service contract; therefore, we are not employees, which allows us to be truly independent of the Data Controller as defined within the law.
7. Who are the Data Protection Officers that work for DPAS?
All our DPOs dealing with your cases will have had advanced training on our Certified Data Protection Officer training program. Some of our DPOs are also legally trained. The DPO assigned to your case will have knowledge of your Data Controller’s operations. Our Data Protection Officers are supported by our Chief Data Protection Officer, Nigel Gooding who is legally and professionally qualified.
8. Are the Data Controllers legally required to follow your advice?
No, the Data Controller is not legally bound to follow our advice but where they decide not to follow, they have to be clear and provide written evidence regarding their justification.
9. What do I do if I want further information, or I am not satisfied with the outcome of a complaint?
As we work on behalf of the Data Controller, all requests for further information should be sent to them direct. If you are not then fully satisfied with the response, you are within your rights to raise the matter with the Supervisory Authority (ICO).
