outsourced data protection officer


Outsourcing your Data Protection Officer can be a cost-effective and efficient way to ensure that your organisation is complying with data protection regulations while allowing you to focus on your core business activities.

At DPAS we understand that some organisations may not want to appoint a full or part-time DPO in-house. There may not be anyone within your organisation who has the experience and qualifications to fulfil the role internally. That is where we can help: we can act as your DPO. Outsourcing the role means you only pay for what you need, and you benefit from our years of experience with one of our in-house Data Protection Consultants.

We can support you onsite or offsite. Your outsourced DPO will work as an extended member of your team. Our service is affordable for all business sizes, starting from just £500 per month.

Still unsure why not take a look at the key benefits in our blog?


VDPO outsourced dpo infographic showing benefits and flexibility of the service

why DPAS

experience icon


All of our Data Protection Officers have a huge variety of industry experience including: Healthcare, Housing, Local Government, Councils, Ambulance Services, Retail, Recruitment, Utilities, Finance, Legal, Real Estate and more.

support icon


With our outsourced DPO services, your organisation gets expert support from a Data Protection Consultant, legal support and technical expertise. We have a 24/7 breach hotline, dedicated DPO support phone line and a secure ticketing system.

client icon


You will also  benefit  from resilience and peace of mind of knowing that there will be always be a DPO from our team available.

working internationally icon


By outsourcing your DPO services, your organisation gets expertise, advice and guidance whenever you need it. 




  1. What does being a Data Protection Officer (DPO) entail?

The Data Protection Officer is a role enshrined in the General Data Protection Regulation (GDPR) (Section 4, Articles 37, 38 and 39). The main responsibilities of a DPO are; 

  1. I have made a complaint about the Data Controller, what happens next?

As a DPO, we act with an impartial and confidential manner. We will review your complaint and assess the nature of it. If it is in scope with the law and lies within our duties, we may decide to investigate further. It is important to note that this may take some time as we collect all the facts of your case before responding to both you and the Data Controller. 

  1. How long will it take for my complaint to be resolved? 

In order to fully respond to your complaint, we will need time to assess, review, seek further information from the data controller, and assess compliance to the law, regulations and policies. We may need to seek advice from the ICO, time frames will be case dependent. 
We are unable to give a timescale for the conclusion of our enquiries, but we will communicate frequently to ensure you are informed throughout the process. 

  1. Will you share my complaint with the Data Controller?

We must work with the Data Controller and the Data Subject to resolve Data Protection concerns. We are employed by the Data Controller who will receive a confidential report – a summary of which you will also receive. Our duty of confidentiality extends to this work; however, we will be as open and transparent as we can when responding. There will be some cases whereby we need to share your personal information, however, we will only do this if absolutely necessary, and you will be notified prior to it happening. 

  1. How do I know my case will be handled confidentially?

Under the law, we have a requirement to keep all matters confidential. Within DPAS the qualified DPO’s will be the only individual’s investigating your complaint. We will be required to share your details with the Data Controller in some cases to reach a determination of the facts. This will only happen when it is deemed necessary. We are required to retain your information for some time to demonstrate compliance with the law. The details of this can be found in our privacy notice which can be found on our website. 

  1. Do you act independently to the organisation you are working on behalf of?

We are hired under a service contract, therefore we are not employees. This allows us to be truly independent of the Data Controller as defined within the law. 

  1. Who are the Data Protection Officers that work for DPAS?

Our Data Protection Officers are in some cases legally trained and in all cases, those dealing with your cases will have had advanced training on our Certified Data Protection Officer training program. The DPO assigned to your case will have knowledge of your data controller’s operations. Our Data Protection Officers are supported by our Chief Data Protection Officer, Nigel Gooding who is legally and professionally qualified. 

  1. Are the Data Controllers legally required to follow your advice?

No, the Data Controller is not legally bound to follow our advice but where they decide not to follow, they have to be clear and provide written evidence regarding their justification. 

  1. What do I do if I want further information or I am not satisfied with the outcome of a complaint?

As we work on behalf of the Data Controller all requests for further information should be sent to them direct.    If you are then not fully satisfied with the response you are within your rights to raise the matter with the Supervisory Authority (ICO). 

Exeter Uni Guild Logo Black

“The University of Exeter Students’ Guild were keen to ensure we were delivering our GDPR commitment on time and on track. Therefore, we needed a qualified Data Protection Officer to monitor our progress, provide assurance that we were on the road to compliance and maintain the role going forward.

We sourced Data Privacy Advisory as they were local and have 20 years Data Protection experience. We are very happy with the high standards of service received and the training provided was not only delivered professionally but completely tailored to our business type. I highly recommend Data Privacy Advisory if you have GDPR worries or you are considering having a Data Protection Officer look after your organisation.”