Data Protection Advisor

Trusted by over 1,000 customers

The advice provided useful information and materials for passing an external Audit, as well as a knowledge transfer for our DPO. DPA’s staff clearly love their jobs, they were all very passionate about Data Protection.

Jessica Vautier

Waterfront Law

The Consultants provided a great overview of the ISO 27000 standards, how they could help us meet not only GDPR requirements but also see value in other regulatory and contractual obligations. Johns team is an excellent blend of experience, attitude and support, offering service way beyond what we have previously experienced with Consultants.

Mikael Nilsson

PMI Consultant

This course was a comprehensive introduction to GDPR. The course covered all of the areas needed to help us understand whether a Compliance Programme was a need for our organisation. We subsequently gave DPA a contract to define our GDPR scope and implement the required solutions.

Adam Penman

McGuire Woods

Build trust and gain Value with

our DPO As a Service solution

Every organisation now processes large volumes of Data. So why then, do so few understand whether this processing is in Compliance with Regulatory and Contractual demands? One common reason, is a lack of specialist advice. Thankfully, we can help.

“Data Protection Advisor’s team of DPO’s helped us move from a box ticking exercise of Audit, to seeing value in our process-ing. We no longer only process data to serve our Customers, we can also better harness what we already had – the ability to monetise our Data assets.”

Gain Compliance oversight in a few simple steps

Through a series of interviews, documentation analyses, technology assessments and a site visit where necessary, we can provide a Risk based, prioritised plan of action leading to GDPR Compliance.

“The process to better understand our Compliance needs was made simple by the professionalism of the Privacy Auditor team. Managed perfectly, they worked with our Global team to conduct interviews, arrange site visits and conduct large scale documentation reviews. The Project Plan was easy to consume and allowed us to award the team an implementation Project too.”

Find out More

The Data Protection Advisor Difference

Our team becomes an extension of yours

Hand picked people

All of our DPO’s have a minimum of 25 years industry experience. We make a point of matching our skills with your needs. With individuals who complement your business, you can be assured they’ll truly reflect how to engage with your data subjects.

Award-winning Culture

We don’t just talk the talk, we also walk the walk. As an ISO9001 Certified organisation, we provide quality of service from our initial chat, all the way through to service fulfilment. Constantly evolving, by constantly communicating, we grow our staff, as well as our customer service, in line with our ethos of “always listening”

Personality & Warmth

Be it over the phone, or via online interaction, we believe Customer service is at the heart of our success. Face to face, one to one, that is our approach to service provision, ensuring your customers can trust and gain confidence in you, and in turn, keep coming back to you.

Get a Quote

Three reasons to choose us as your Data Protection Advisor

Get a Quote

Privacy FAQ’s

Your questions- Answered

What are the penalties for non-compliance with GDPR?

Non- Compliance with GDPR may lead to fines for both large and small businesses. the amount of the GDPR fine is dependent on may factors. It will for instance make a difference if non-compliance was deliberate or due to negligence and how well your business cooperates with the authorities. The upper limits of GDPR penalties are:
. up to £87 million or 2% of annual global turnover ( whichever is higher) for less serious infringement. And fines of up to £17.5 million 4% of annual global turnover for severe infringement.
In addition to these fines , companies may have to pay compensation to affected persons.

Why should be care about GDPR compliance?

GDPR was developed to protect the fundamental rights of data subjects. For organisations, Compliance protects not only the people but the company itself. By following GDPR requirements, companies ensure privacy of your customers, employees and contacts data sets. Being GDPR compliant brings several business benefits, including greater trust and confidence between organisation and the data subjects, improved data security, reduced data maintenance costs, alignment with latest technology, and better decision-making for companies. Also, complying with the GDPR helps in the minimisation of data breach risks that could not only lead to fines, but can also negatively affect the brand image.  

Which organisations must appoint a DPO under GDPR?

Under the UK GDPR, an organisation must appoint a DPO if it’s a public authority, its core activities involve large scale data processing that requires regular and systematic monitoring of individuals, or if its core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences. Although there is not a legal requirement to hire a DPO once a certain number of employees is reached, many companies still opt to appoint a DPO in order to provide the advice needed to develop compliant data processing solutions.  

Why is GDPR important?

GDPR is essential because it improves the protection of data subjects' rights and clarifies what companies must do to safeguard these rights whilst processing personal data. Within the UK, GDPR led to the creation of the Data Protection Act (2018), which superseded the previous 1998 Data Protection Act.

What can an Outsourced DPO do for our organisation?

An outsourced DPO can help to develop your organisation by facilitating compliance with data protection regulations such as GDPR. They can help mitigate risks associated with data breaches, develop business processes that protect, and advise on which controls equate to compliance. In turn, outsourced DPO's can provide value, through optimisation of risk, resource utilisation and benefits realisation.

Which organisations are affected by the GDPR?

The UK GDPR applies to all organisations based in the UK that process personal data. It also applies to controllers and processors based outside the UK if their processing activities relate to offering services to organisations in the UK.

What are the advantages of an outsourced Data Protection Officer compared to an internally appointed DPO?

When deciding whether to appoint an outsourced Data Protection Officer, factors such as position, costs, expert knowledge, acceptance, liability, and availability must be considered. An internal employee may still have to acquire the necessary expertise whereas an outsourced DPO already comes certified and with well-rounded experience. An external data protection officer can minimise the organisation's liability and is always up to date with the latest developments in data protection law.

Are we a Data Controller or Data Processor under GDPR?  

A fundamental question to ask as it determines your obligations. A data controller is a person or organisation who determines the purposes and means of processing. The data processor on the other hand is an entity that processes personal data on behalf of the data controller and in accordance with its instructions. As it is the primary responsibility of a data controller to safeguard the processing of personal data, they can be held liable for any non-compliance of the data processor. 

What is the DPO’s role in a DPIA?

Firstly, the DPO can help you understand when a data protection impact assessment (DPIA) is necessary according to GDPR. They will then assist with defining a DPIA process and triggers. A DPO can then help to define the criteria by which the DPIA is carried out and the subsequent activities such as development of a risk treatment plan.

How much does an external DPO cost?

External hybrid providers such as ourselves offer monthly package prices starting at around £195 per month. However, since different services are included under the umbrella term "outsourced data protection officer", the usual monthly costs vary significantly. The price always depends on the complexity and scope of data processing activities your company carries out. Factors such as the number of employees and your industry will influence the costs. When comparing offers, keep an eye on the total costs, but also the detailed services that external partners offer.

Get a Quote