"We're entering a new world in which data may be more important than software."
Tim O'Reilly

WHAT?

The Data Protection Officer (DPO) is a function mandated by the General Data Protection Regulation (GDPR) aiming to provide enterprise-wide data security governance. The DPO oversee the data protection strategy and its implementation, so that compliance with GDPR requirements is ensured.

The DPO is responsible for overseeing the proper use of information technology and supplying staff with information and providing training. The DPO is an independent role, thus is not obliged to adhere to instructions issued by other members of staff in performing DPO role-related tasks.

WHO NEEDS A DPO?

Article 37 of the GDPR stipulates that a controller or a processor must appoint a DPO if:

  • You are a Public Authority processing data, or
  • You are a controller or a processor whose principal activities involve large-scale, regular and systematic data processing, or
  • You are a controller or a processor whose principal activities involve large-scale processing of sensitive data (under Article 9) or data relating to criminal convictions/offences (under Article 10)

DPO OUTSOURCING?

In today's competitive market, it may be hard to find a suitable DPO, or it may be more feasible to look for an outsourcing alternative. It would be wise to consider appointing an external Data Protection Officer for reasons of cost, training, skillset and qualifications and assumed liability.

In general, outsourcing the role of the DPO will cost less and your organization will benefit from a team-held knowledge base and experience that is wider and deeper than that of any single person who may be suited for the role in your organization.

TALK TO US

With a DPO from Seven Security Group, you will receive comprehensive services for the statutory data protection support and project management and implementation. We form a business partnership to ensure your compliance with GDPR through one or several of our consultants who will help with and provide:

  • On-site presence
  • Off-site support through Telephone/Skype/Email
  • Activity reports and status discussions
  • Regular data protection newsletter for the responsible persons
  • Support on any number of inquiries relevant to data protection
  • Training any number of employees at corporate headquarters
  • Information obligations according to GDPR
  • Review of privacy policy on the corporate website
  • Data protection impact assessment

  • Implementation consultation and monitoring
  • Commissioned processing with contract inspection and review
  • Help with the process of appointing a full-time DPO in the organization
  • Support Internal audits with reports
  • Draft risk analysis guideline, data protection guideline and manual, protection process control, IT usage guidelines, retention and deletion policy, emergency policy for data breach, data protection policy, authorization allocation guideline, commissioned processing guideline, guideline on data-subjects’ rights, etc.

OUR CONSULTANTS

  • Are experts on data protection
  • Are always up-to-date with current laws
  • Understand your sector
  • Will be the DPO you require, despite the size of your company
  • Will bring an independent, external perspective to the table
  • Are vetted and experienced in both technical and legal matters
  • Will help you ensure legal certainty

PRICING

The monthly costs for an external data privacy officer depend on the size and the industry sector of your company. Based on an initial and ongoing assessment, we will provide flexible, tailored pricing to achieve and maintain GDPR compliance and, at the same time with an eye on cost-effectiveness and feasibility. The service ideology is based on affordability with a maximized value-for-money approach.

Depending on your company’s needs for on and off-site presence, complexity of one-time or ongoing projects and internal and external data prpotection needs and requirements, we will devise the most cost-effective plan to make sure your business model is adequately protected under GDPR.