Home / GDPR / DPO Services

Data Protection Officer Services

As part of a compliance program, or as  a standalone service we offer an outsourced “DPO as a Service” that meets the requirements of Articles 37-39.

Do you need a DPO to be GDPR compliant?
Two of the most common circumstances where an Australian business that is subject to GDPR must have a DPO are:
  • where you conduct any form of tracking and profiling on the internet, including for the purposes of behavioural advertising;
  • you have a cloud based software service.
An Australian business must have a DPO if:
  • Your core activity consists of data processing operations that require regular and systematic monitoring of data subjects (in the EU) on a large scale. (This includes all forms of tracking and profiling on the internet, including for the purposes of behavioural advertising.); or
  • Your core activities consist of processing on a large scale special categories of data, or personal data relating to criminal convictions or offences.

This service is mandatory for businesses doing certain types of data processing, or can be used by leading businesses who want to be seen to be providing best practice privacy compliance for their customers’, suppliers’ and employees’ private information.

Our DPO service is designed to meet the requirements of Articles 37-39.
DPO as best practice
If you elect to follow best practice you may elect to engage a DPO to help your compliance program. In this case we will provide the same service, as it is subject to the same regulations as a mandatory DPO.

Where your business is not mandated to use a formal Data Protection Officer Service as prescribed by the GDPR, we can offer a similar data protection advisory service, which provides similar benefits, but which is not subject to the GDPR regulatory structure.

Our Data Protection Officer Services or similar unregulated service is provided on a DPO as-a-Service basis, with fixed price, pay by the month, packages reflecting your businesses privacy needs, supported by flexible time and materials for one-off events like data breach notifications.

Data Protection Officer Services
Designed to comply with Articles 37-39
Low

Ideal for small companies with straightforward privacy environment.

  • Awareness training
  • Management briefings
  • Monitoring of compliance programs
  • Data protection impact assessments
  • Record keeping monitoring
  • GDPR personal breach notifications and Australian Privacy Act data breach notifications
  • Requests from individuals who are exercising their rights
  • Liaison with the Supervisory Authority

Any services that exceed the monthly number of hours. This may include work on data protection impact statements, personal breach notices or disputes.

$1,250 Monthly fee
For up to 2 hours services per month.
Additional services at time and materials rates.
Minimum term 12 months.
$1,000 set-up fee.
Regular
Ideal for medium sized companies or companies with more complex privacy environments (e.g. profiling users behaviour, special category data, dealing with children or criminal records)
  • Awareness training
  • Management briefings
  • Monitoring of compliance programs
  • Data protection impact assessments
  • Record keeping monitoring
  • GDPR personal breach notifications and Australian Privacy Act data breach notifications
  • Requests from individuals who are exercising their rights
  • Liaison with the Supervisory Authority

Any services that exceed the monthly number of hours. This may include work on data protection impact statements, personal breach notices or disputes.

$4,800 Monthly fee
For up to 8 hours services per month.
Additional services at time and materials rates.
Minimum term 12 months.
$2,000 set-up fee.
High
Ideal for larger organisations or companies with more complex privacy requirements (e.g. processing large amounts of personal data, significant processing of special category data, auto-decision making, public area surveillance, etc.).
  • Awareness training
  • Management briefings
  • Monitoring of compliance programs
  • Data protection impact assessments
  • Record keeping monitoring
  • GDPR personal breach notifications and Australian Privacy Act data breach notifications
  • Requests from individuals who are exercising their rights
  • Liaison with the Supervisory Authority

Any services that exceed the monthly number of hours. This may include work on data protection impact statements, personal breach notices or disputes.

$8,000 Monthly fee
For up to 16 hours services per month.
Additional services at time and materials rates.
Minimum term 12 months.
$4,000 set-up fee.