Αssist as external DPO or as part of your DPO team
In accordance with GDPR, the DPO function can be outsourced. Choosing this option your company ultimately:
- Avoids the imposition of sanctions by supervisory authorities (the person from our team, which assumes the role of the DPO, has the experience to handle all the communications with the authorities, in order either to file questions or to provide documents – even if your company has not yet met all you are the requirements of GDPR – to the supervisory authorities);
- Avoids the difficulties and costs of recruiting, adapting and retaining an employee in a DPO position;
- Employs an external DPO, who is in any way exempt from potential conflicts of interest which would very likely be raised by the appointment as DPO of the chief officers of the internal audit, risk management, compliance, the in-house legal counsel, who are usually the first persons the company considers to assign DPO duties.
As external DPO or member of your DPO team, we offer the following services:
- We become your company’s reference point for the Personal Data Protection Authority, in this role handling any needed communication and cooperation with the authority.
- We perform monthly meetings with the competent persons within your company, in order to resolve issues and provide advice on the company’s obligations in relation to GDPR as they are shaped by current practice and case law.
- We monitor the company’s GDPR compliance in a regular basis. This entails (a) carrying out internal inspections, especially when untrained employees are hired who may violate the Regulation out of ignorance, and (b) providing suggestions to the upper management regarding, for example, corrective actions that needed to be taken when the company is restructured, namely when the company’s schema or business activity geographical area changes (new departments, branches or offices are introduced).
- We inform company executives about policy changes or security procedures, when required.
- We keep an existing personal data processing file, where required.
- We provide advice on updating any existing DPIA when new projects or processes which include personal data are implemented.