Outsourced DPO services
Hassle-free compliance with certified experts leaving you to run your business
Why outsource your Data Protection Officer?
Save money
Outsourcing is a cost-effective solution that saves on recruitment costs, overheads and holiday cover.
Qualified consultants
Our DPOs are certified EU GDPR practitioners guaranteeing to receive expert advice and support.
Technical expertise
As part of a cybersecurity team, our DPOs give technical advice & guidance beyond data protection.
Legal support
Our DPOs are backed by privacy lawyers ensuring our work always meets your legal requirements.
How can a DPO help you?
A DPO is appointed to monitor internal compliance, inform on data protection obligations and act as a contact point for the supervisory authority and data subjects. The responsibilities of a DPO include:
- ICO registration
- Data breach support and response (including liaison with the ICO)
- Breach response
- Data subject access request support (SAR)
- Policy and procedure support and advice
- Data mapping support and advice
- Data Protection Impact Assessments (DPIAs)
- Assisting with customer questionnaires and due diligence
- GDPR and information security awareness training
Your GDPR compliance experts
GDPR states that certain organisations (such as public authorities or those processing sensitive data) are legally required to have a Data Protection Officer, and the ICO recommends every organisation appoints one to manage data privacy effectively. We understand that each organisation works differently and has individual requirements, therefore we have tailored our managed-service packages to suit any business, of any size.
Our DPOs are certified GDPR practitioners and data privacy experts. We support organisations across a range of industry sectors, successfully guiding them through the complex responsibilities of data protection. With flexible packages at cost effective rates, you get the service your organisation needs to get ahead of your GDPR obligations.
Our DPO packages
Each of our DPO packages offers a flexible approach to virtual delivery – whether you prefer to communicate through calls, video conferences or emails, we’re here to help. Additional hours/days can be purchased on an ad hoc basis.
| Small Business | Medium Business | Large Business | |
|---|---|---|---|
| Suitable for | Businesses with up to 20 employees | Businesses with 21-200 employees | Businesses with over 201 employees |
| Gap analysis required? |  |  | |
| DPO time | Typically 4 hours per month | Typically one day per month | Customised to suit your requirement |
| Kick-off call | | | |
| Monthly progress call | | | |
| GDPR training portal (beginners & advanced) | | | |
| Notifications service* | | | |
| Annual audit | | | |
| Price | From £595 /month (ex VAT) | From £995 /month (ex VAT) | £POA |
Note: A GDPR Gap analysis is required for medium and large businesses before the DPO service can commence.
*Notification service coming soon. Please speak to your Bulletproof account manager for more information.
Legal and technical expertise
Our team of certified Data Protection Officers and GDPR Practitioners provide robust information security guidance that is supported by the award-winning IP law firm, HGF, if and when required.
Here’s what our customers say about us
We work extensively with Bulletproof both with Cyber Essentials and ISO 27001. I always find the team both helpful and knowledgeable.
Paul NelsonStart your ISO 27001 implementation journey today
If you are interested in our services, get a free, no obligation quote today by filling out the form below.
Data Protection Officer FAQs
A Data Protection Officer (DPO) is the person responsible for:
Outsourcing a data protection officer is more cost-effective than an internal hire, particularly as you only pay for the time you require (save on overheads, holiday cover etc). You also benefit from access to a wide team of certified GDPR practitioners, data protection professionals and technical experts rather than limiting your organisation to the experience of one individual.
The GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data.
Any organisation that processes the personal data of people in the EU must comply with the GDPR.
A GDPR implementation can easily coincide with any of the DPO packages we offer. It would usually entail additional hours/days spread across the first few months. Once implementation is complete, DPO time would drop to the standard allocation per month. For more information, please contact us to discuss your requirements.
Additional time can be added on an ad hoc basis. This can be used for implementation, large policy or procedure reviews, data breach support or any other instance where you need more dedicated time with your DPO.
Yes, our team can provide support and advice on how to handle data subject access requests. As part of any action plan for compliance, we would guide you on developing a procedure to follow in the event of you receiving one.
The GDPR applies to all companies and organisations in equal measure although some parts of the legislation may not apply to your business, such as the processing of children’s data and profiling of individuals. At Bulletproof, we have across many sectors both public and private, we are confident that we can help with GDPR compliance in any environment.
Our experts are the ones to trust when it comes to your cyber security
ISO 27001 compliance has helped us improve our security investment and build credibility with our global client base, as well as enabled us to successfully win UK Government procurement contracts. Bulletproof made the whole process easy and effortless from start to finish, strengthening our information security and improving our position in the industry.
Martin Sutherland Adzuna, Head of Finance