Crowley Solicitors’ Outsourced DPO and Data Champion Service
Is your organisation obliged to appoint a DPO or would it benefit from access to a data champion as an advisory service?
When does a DPO need to be appointed?
- if you carry out large scale online tracking of individuals (e.g. online behavioural tracking)
- if you carry out large scale processing of special categories of data* or data relating to criminal convictions and offences
*some examples of special categories of data include: data relating to a data subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, processing of biometric data for the purpose of uniquely identifying an individual, data concerning health
- if you are a public authority
Regardless of whether the GDPR obliges you to appoint a DPO or not, you must ensure that your organisation has sufficient skills and experience to discharge your obligations under the GDPR. Dedicating the oversight function is a smart way to assist with your GDPR compliance.
We offer our outsourced DPO service on an annual basis, which includes:
- High level oversight of your organisation’s data protection and e-privacy compliance;
- Responding to high level queries on the data protection and e-privacy operations of your organisation;
- Integration with any project information management system (PIMS) currently in use within your organisation;
- Directing the update of your organisation’s chosen method of recording compliance – whilst our own preferred method is a living accountability report, we can work within your current compliance records format;
- Attendance at a minimum of two board meetings per year in order to report to the board on data protection and e-privacy compliance matters;
- Availability to respond via telephone, email and, if required, in person, to urgent requests for consultation in the event of security incidents;
- Continued awareness, training and workshops for employees at all levels;
- Advisory function in a data protection impact assessment process; and
- Early-stage consultation with stakeholders internally and externally, providing input at an early stage of project(s) to assist with your organisation’s practice of privacy by design and privacy by default.
Every organisation is distinct, which is why we always carefully tailor our outsourced DPO function to meet your specific needs.
For more information on our outsourced DPO offering please email DPO@crowleysolicitors.ie
Reasons why our Outsourced DPO/Data Champion function works:
- We have the legal and project management know how to answer this onerous need for your organisation
- An Outsourced DPO rules out any conflict of interest
- Our Outsourced DPO service will perform audit functions, training and the full ambit of GDPR and E Privacy compliance for your organisation
- We will help you to make GDPR compliance operational as distinct from theoretical
- We work with software industry leaders to manage your compliance remotely, in real time