Data Protection
Support Services


Support Services

Outsourced Data Protection Office (DPO) Services

The GDPR makes it mandatory for certain organisations to appoint a DPO.

Even for organisations where there is no mandatory obligation to appoint a DPO, it may be useful to appoint a DPO or designated data protection manager on a voluntary basis.

By appointing a DPO, organisations can demonstrate accountability and facilitate compliance with their data protection obligations. For organisations that do this well, data protection compliance can become a competitive advantage, setting your organisation apart from competitors and building
trust and confidence amongst customers, consumers and other key stakeholders.

For those organisations who do not wish to appoint a staff member as their DPO, Pembroke Privacy offers an outsourced DPO service.

How our outsourced DPO service works:

A Pembroke Privacy outsourced DPO will be appointed to your organisation for an agreed term. Your outsourced DPO will be your own dedicated DPO resource supported by a panel of Pembroke Privacy data protection consultants with access to Pembroke Privacy’s toolkit of data protection know how, technologies and processes.

Your outsourced DPO can either work in house or off site or a combination of both, depending on your requirements.

At the beginning of the engagement there will be an immersion period when your outsourced DPO will be inducted into your organisation so he/she gains a deep understanding of your business and gets to know staff members.

Your outsourced DPO will play a key role in fostering a data protection culture while understanding the complexities and demands of your business.



What your outsourced DPO can do for your organisation:

  • Monitor your compliance with the GDPR and local data protection laws.
  • Undertake a GDPR maturity assessment to identify areas requiring attention.
  • Oversee and manage your data protection compliance process.
  • Advise and inform you on data protection matters and issue recommendations.
  • Create a data protection compliance framework using the IAPP Certified Information Privacy Management (CIPM) Framework.
  • Create your Data Protection Manual including policies, procedures and protocols.
  • Create and maintain a record of data processing activity.
  • Carry out an audit of third-party processor (suppliers) contracts and activities to ensure the required contracts are in place and that processors are fulfilling their data protection obligations.
  • Review data/records management: data retention and deletion; purpose limitation and data accuracy.
  • Act as a contact point for supervisory authorities, data subjects and employees.
  • Assist with the creation of your Data Protection Impact Assessments (DPIAs) process, advise and assist with this process and monitor its performance.
  • Review and monitor the security of your data processing.
  • Manage your Personal Data Security Breach process.
  • Provide training to employees on data protection awareness and other important aspects of data protection such as your data security breach procedure and data subject access request protocol.
  • Work with senior/middle management to ensure a privacy by design approach to data protection and to set key performance indicators (KPIs).
  • Report to the Board and Senior Management.

Benefits of engaging an outsourced DPO

  • Whether you are required to appoint a DPO or you wish to do so voluntarily, you can appoint an outsourced DPO without the need to engage a full-time employee.
  • You can avail of your outsourced DPO as and when you need it without the burden of employing a member of staff.
  • Outsourcing the DPO role helps to ensure your DPO can perform his/her tasks with a sufficient degree of autonomy and in an independent manner within your organisation.
  • Engaging an outsourced DPO resource also helps to avoid possible conflict of interests between the duties of your DPO and other interests with your organisation.
  • Your dedicated outsourced DPO can draw on the expertise and experience available to him/her of the Pembroke Privacy panel of data protection consultants combining individual skills and strength to best serve your requirements.
  • You will have access to a high level of data protection expertise and experience while freeing up internal resources.
  • Your outsourced DPO will have access to Pembroke Privacy products and tools, such as our gap assessment / compliance review process, our Data Protection Impact Assessment process and our e-learning products to ensure that you can fulfil your data protection compliance obligations efficiently and cost effectively.
  • All Pembroke Privacy’s outsourced DPOs are qualified lawyers with globally recognised data protection certification (CIPP/E; CIPM). They are experts in European and Irish data protection legislation and have an in-depth knowledge of the GDPR.



Enquire Now

Have a Question?

Ask below: