Your outsourced DPO service

Outsource your requirements to avoid the challenges and expense of recruiting an employee.

What is a DPO?

The General Data Protection Regulation (GDPR) makes it compulsory for some organisations to appoint a data protection officer (DPO), an expert in data protection law and practice. Effective from 25th May 2018, the GDPR brings sweeping changes and potential fines of up to 4% of worldwide annual turnover (or €20,000,000). However, hiring a full-time DPO is likely to be challenging –  and expensive –  due to a shortage of suitable talent.


The GDPR allows you to fill the role of a DPO using an external service provider. Outsourcing your DPO requirements to ProDPO™ spares you the challenges and expense of recruiting a full time employee.

Hiring ProDPO™ as your external DPO means that you can rely on our expertise in data protection law and practices to:

  • Inform and advise your organisation and its employees on the requirements of the GDPR.
  • Monitor your organisation’s compliance with the GDPR.
  • Advise on data protection impact assessments (which become mandatory under the GDPR for certain activities).
  • Cooperate with the data protection authority, and act as the designated point of contact for the supervisory authority.

Our services

Remote DPO
On-site DPO
Hybrid DPO

We can provide you with an experienced DPO on a flexible and cost-effective basis, as allowed by the GDPR. For example, your designated DPO can be available remotely via telephone and email or on-site.

Also, since organisations typically require greater resources in the early stages of a compliance project, a flexible approach can be adopted, combining initial on-site service with remote support thereafter.

Do I need to appoint a DPO?

The GDPR makes it compulsory for the following types of organisation to appoint a data protection officer:

This image has an empty alt attribute; its file name is Public-authorities_img1.jpg

Public authorities

This image has an empty alt attribute; its file name is systematic-monitoring_img2.jpg

Organisations whose core activities require regular and systematic monitoring on a large scale (e.g. web analytics businesses)

This image has an empty alt attribute; its file name is special-categories_img3.jpg

Organisations whose core activities consist of large scale processing of special categories of data (such as information concerning individuals’ health, race or sex life or sexual orientation)

This image has an empty alt attribute; its file name is the_next_steps_img4.jpg

Even if your organisation does not fall under one of these categories, you are encouraged to appoint a DPO on a voluntary basis

Struggling to recruit a DPO? Don't need someone full-time?

If you have any questions please get in touch on or 020 3697 7206