Should I train a Data Protection Officer or outsource?


A dilemma for any organisation is whether they should appoint and train their own in-house Data Protection Officer (DPO) or if it would make more sense to assign those responsibilities to an outsourced data protection officer. While there’s no objective right or wrong answer, there are some benefits to each that may help you make this decision.

Benefits of an in-house Data Protection Officer


1. They’re a full-time member of the team

An in-house DPO will be a permanent member of your team, and their presence in the office would make their involvement in your organisation more visible. While this wouldn’t affect the quality of their work, perhaps your organisation prefers to have its team together under one roof.


2. They’re all yours

Depending on your organisation’s preferences, it may be favourable to have the DPO’s attention entirely on your business, instead of working with other clients, too. Outsourced DPOs are more than capable of performing just as well while providing their services to other organisations. However, the peace of mind might be something your team would favour.


3. They’re familiar with the organisation

It’s most likely that an in-house DPO will have risen to the position from within the business. The knowledge of your organisation they’ve gained internally could potentially come in handy.

Benefits of an outsourced DPO

1. It’s cost effective

Hiring a full-time Data Protection Officer can be costly. Depending on the size of your organisation, your budget may not easily allow for much in-house expansion, so by outsourcing, you only have to pay for the services as and when you need them. This could be a significant money saver.


2. It improves the team’s focus

With the data protection duties delegated to an outsourced data protection officer, that leaves room for your team to put their full attention on their own responsibilities. Your outsourced DPO’s role would be entirely dedicated to data protection compliance, meaning that you get 100% focus on the task that’s needed.

3. They’re data protection experts

Instead of training your own DPO or going through a lengthy hiring process to find one with the expertise your organisation needs, you can simply outsource the duties to a heavily experienced data protection officer who could be willing to get to work straight away. This saves time and provides you with some reassurance that you’re passing those all-important duties onto somebody who knows what they’re doing.


4. It’s less risky

An outsourced DPO who’s an expert in data protection law will always stay fully up-to-date with the most recent developments. Somebody who’s aware of all current regulations and case law will bring your team a lot less risk than an in-house DPO who may not be as tuned in to the always-changing data protection world.


5. You’ll be more flexible

By outsourcing your DPO, you’ll have more flexibility and control when it comes to scaling your organisation up or down as needed. Especially in times of growth, this extra leeway can be freeing as there’s less to worry about when making changes to your team.

Who needs to appoint a Data Protection Officer?


The UK GDPR states that you’re mandated to appoint a DPO if any of the following apply to you:

  • You’re a public authority or body
  • You regularly and systematically monitor data subjects
  • You process special categories of data on a large scale

But even if you aren’t legally required to have a Data Protection Officer, it may still be a safe idea to do so to avoid the undesirable consequences of being non-compliant with data protection legislation. Not only could your organisation’s credibility and reputation take a huge hit, but by processing personal data unlawfully, your organisation could be fined.

What is the maximum penalty for a breach of the GDPR?


For infringements on the obligations laid out, both the UK GDPR and the Data Protection Act 2018 declare that an organisation can be fined up to a maximum of £17.5 million or 4% of annual global turnover – whichever is greater.

Our advice on outsourcing your DPO


While there are evidently different reasons supporting each option, we would recommend that your organisation considers outsourcing a DPO. The benefits of doing so seem to outweigh those of the alternative and can, most importantly, save your organisation significant costs over time.

But how can you get an outsourced DPO?

Well, at DPAS, we can help you with just that. Among our wide range of data protection compliance services, we can provide you with an outsourced DPO with years of experience under their belt.

Have a read to find out more about our outsourced data protection officer services and how else we can help you.