Under the GDPR, you must appoint a Data Protection Officer (DPO) if you carry out certain types of data processing activities or you are a public authority. The DPO informs, trains and advises your organisation and employees on data protection obligations, provides advice on data protection impact assessments, monitors compliance with data protection law, acts as a point of contact for data subjects and supervisory authorities, and must be able to report directly to the highest management level in your organisation.

If you choose to appoint Bird & Bird Privacy Solutions as your external DPO, we’ll provide an experienced data protection specialist who will act as your point of contact. Our DPO services offer full access to the know-how and expertise of our top-ranked data protection practice.

Supporting your compliance

After learning more about your data processing activities, we will actively monitor and support your compliance with the GDPR and other data protection regulatory requirements. We will be accessible to individuals, as well as supervisory authorities. We will:

Engage
  • Set up regular, proactive catch-up meetings with you and your key stakeholders to discuss the new data protection initiatives and answer any questions your business functions may have, and any queries or  complaints from individuals or supervisory authorities
  • Schedule periodic reviews with your privacy, legal and IT teams and other privacy staff.
Advise
  • Handle queries from individuals or supervisory authorities
  • Respond to specific requests for advice
  • Conduct data protection impact assessments
  • Assist on your response to data breaches and other incidents.
Check
  • Perform reviews of your departments to assess any changes to their level of compliance.
Train
  • Run training sessions every year, to be delivered in person or online.
Report
  • Deliver an annual report to your senior management team confirming the work we have undertaken and detailing any change in your level of compliance.
Benefits of outsourcing the DPO function

The DPO is required to carry out tasks which draw on a wide skillset, including legal expertise, an understanding of information technology, cybersecurity, business and project management. In addition, your DPO should have proven experience in data protection related issues. Outsourcing your DPO function enables your organisation to rely on a team which utilises this skillset.

The DPO must also be able to act independently, which means that they cannot hold a position within the organisation that would lead him or her to determine the purposes and the means of the processing of personal data. This can be difficult to implement internally since most of your suitable internal resources might also be involved in the decision making about personal data processing.

Outsourcing the DPO function can help you successfully fulfil these requirements.

A unified view of compliance

Our online DPO Dashboard is a comprehensive ‘one-stop shop’ for instructing, reporting and more. This collaborative platform provides complete oversight of ongoing advice, DPIAs and DPO contact requests. It also offers complete transparency on DPO service management, as well as year-on-year reporting and statistics.

Our Data Protection Officer services are provided from our offices throughout the EU by Bird & Bird DPO Services SRL, a Bird & Bird Privacy Solutions service line.

Related materials and downloads

News & Events