The Data Protection Officer – Legal Team – The Data Protection Unit


At DPAS we have spent the last two years helping Organisations of all shapes and sizes. Becoming more data aware is not always simple. We’ve helped many large Organisations to set up their data protection processes. This has included changes to ensure they were ready, and able, to handle data protection issues internally.

We are often asked ‘what is the best way to set up data protection governance within the Organisation‘.

We’ve worked with different Organisations putting in place different structures depending on their current set up. This helps them understand what the future may look like, and how they can best handle data protection internally.

We feel the best way to handle Data Protection within many Organisations is as follows.

How to set up your Data Protection Governance

We understand that some Organisations will not have the legal requirement to have a Data Protection Officer. Having that confidential independent DPO is often good practice in Organisations that process lots of data.

Most of our clients that we work with are now set up in the above way. They now use DPAS for external independent DPO advice as and when required. Most only using us a couple of days per month.

The role of the Data Protection Unit is as follows.

  • Deals with transactional activity from the business and data subjects
  • First point of contact in the business, 1st line SME
  • Manages SAR, Rights to and Assurance
  • Guardian of Policies, Procedures, DPIA and guidance
  • Manages training delivery
  • Manages IG governance & reporting
  • First call on breach incident
  • Leads relationship with DPO
  • Filters organisational escalation to Legal team – 2nd Line

There are many benefits to having a Data Protection Unit.

  • Provides IG control within the business
  • First point of contact in the business, 1st line SME therefore ensuring a single point of contact.
  • Manages SAR, Rights to processes ensuring delivery
  • Provides consistency in Policies, Procedures and guidance for DPIA
  • Manages training delivery to ensure compliance
  • Manages IG governance & reporting for business
  • First call on breach incident and decides escalation to DPO
  • Leads relationship with DPO ensuring only assurance
  • Filters organisational escalation to Legal team
  • 2nd Line to ensure that legal team only deal with 2nd line enquiries

We can help you to put in place structures like the above. Additionally, we can train those sitting in the Data Protection Unit: ‘data protection managers’, ‘data champions’, ‘data guardians’ and so forth.

If you’d like to learn more about how to set up your data protection governance, get in touch today.

data protection officer legal team delivery triangle

RECENT POSTS