Brigantia Outsourced Data Protection Officer as a Service(DPOaaS)
Why choose a Brigantia Data Protection Officer (DPO)?
Brigantia provides highly experienced data protection practitioners, working on a part-time basis for each client, to fulfil the necessary legal obligations. Brigantia is very conscious of the need for the DPO to be closely integrated with client teams, as such, the DPO spends time both onsite and remotely, to ensure that the business requirements are well understood and delivered.
Why choose to outsource your Data Protection Officer (DPO)?
A Data Protection Officer (DPO) must:
- Operate at arms-length, independent of core business activities. As such, the DPO must be separate from senior management positions (such as chief executive, chief operating, chief financial, chief medical officer, head of marketing department, head of Human Resources or head of IT departments) and independent from other roles lower down in the organisational structure if those roles lead to the “determination of purposes and means of processing”;
- Engage directly with the board or highest level of management;
- Be appropriately skilled, including knowledge of legislation, the sector, the organisation, processing operations, IT and data security, with an ability to promote a strong data protection culture across the organisation;
- Be sufficiently engaged by the organisation in its business activities;
- Be provided with sufficient resource.
Once positioned, the DPO’s key tasks include:
- Making the organisation aware of their data protection obligations;
- Advising on Data Protection Impact Assessments;
- Monitoring the performance of data protection controls;
- Liaising with the regulator (ICO) and Data Subjects.
Given these special requirements, many organisations are outsourcing the DPO role. This helps to achieve the necessary mix of independence, skillset and business value. The decision to outsource the DPO services is specifically identified as an option in GDPR.