Outsourced Data Protection Officer

27th March 2018


The GDPR recognises the Data Protection Officer (DPO) as a key individual in facilitating your organisation’s compliance. A DPO is mandatory for all public authorities and many private organisations and even where the GDPR does not specifically require the appointment of a DPO, it is highly encouraged as a matter of best practice and to demonstrate compliance.


Organisations who need a DPO may find the responsibilities a challenge to deliver given the extent of expertise required in all aspects of the GDPR and Data Protection law.

The GDPR permits organisations to outsource the DPO role to an external provider. There is a shortage of people sufficiently experienced to deal with the DPO responsibilities, therefore outsourcing the DPO role will ensure that your organisation meets the compliance requirements of the GDPR allowing you to focus your attention on your business.

The Infinite Law Outsourced DPO Service provides a practical, cost-effective, conflict free, professional solution for organisations who do not want the commitment of employing a Data Protection Officer. We are GDPR expert practitioners and we are available 24/7 to manage your GDPR obligations.

The DPO needs to focus on data protection and to be continuously risk aware. Infinite Law does just that.  Our vision is to integrate with your business and build relationships with key personnel and stakeholders so they know who to turn to when they need support.  Given our expertise one of our solicitors will have dealt with the issues that you are facing or something similar.  We have a unique perspective of what a business needs having delivered Information Governance in-house for large public sector organisations.

Infinite Law will take responsibility for monitoring your organisation’s continuing GDPR compliance. As the outsourced DPO, Infinite Law will be the first point of contact with both the Information Commissioner’s Office and data subjects.

Your Infinite Law DPO will report to the highest management level of your organisation, and, by not being an employee, there will be no risk of any conflict of interest within your organisation, which is a difficult obstacle to overcome if employing internally.

The costs in relation to outsourcing the DPO role are significantly less than a salaried employee making it the most cost-effective solution for your organisation and giving you budget certainty.

The Infinite Law DPO is accessible 24/7 and will provide professional, continuous monthly support:

  • Inform and advise the Organisation’s managers and employees of their obligations under the GDPR and other applicable data protection legislation.
  • Monitor compliance with the GDPR and other applicable data protection legislation and with the Organisation’s data protection policies, including:
    • awareness raising;
    • training staff;
    • conducting compliance audits
  • Provide advice, where requested, as regards data protection impact assessments (DPIAs) and monitor their performance.
  • Co-operate with the Information Commissioner’s Office (ICO) as the Organisation’s supervisory authority and any other relevant statutory authority.
  • Act as the contact point for the ICO on issues relating to processing, including where a DPIA indicates the processing will be high-risk.
  • Consult the ICO, where appropriate, on any other matter.
  • Develop and manage the Organisation’s data protection and data privacy strategy.
  • Implement and oversee systems and controls to ensure compliance with relevant data protection legislation and regulation.
  • Inform and train staff on the requirements of the data protection regime.
  • Ensure data processing agreements are in place with third parties handling personal data.
  • Supervise data protection and privacy risk and/or impact assessments.
  • Undertake periodic data protection audits.
  • Investigate, respond to and manage any other complaints or communications relating to data protection, privacy and/or security.
  • Monitor ICO guidance, enforcement actions and policies.
  • Provide advice and guidance to members of staff in respect of any data protection questions, issues or developments.
  • At least monthly submit a report to the Board, which assesses the effectiveness of the Organisation’s data protection arrangements and makes appropriate recommendations for improvement.

The Benefits to your organisation of the Infinite Law DPO Service:

  • A practical solution to ensure GDPR compliance.
  • Access to independent DPO adviser not available internally.
  • No conflict of interest between the DPO and other business activities.
  • Application of best practice to achieve and maintain compliance with the GDPR.
  • Cost effective compared to an internal appointment.
  • Access to GDPR training.

The DPO Service is charged at a fixed monthly price which is determined according to the size/turnover of your organisation or the number of employees, providing you with budget certainty.

We offer all of our services across the whole of the UK

For information on costs click here