June 4, 2019
So you’ve decided to hire a data protection officer.
Wise choice. This is a big upgrade for your business in terms of how you manage and secure your data. It’s also a decision that many other businesses are making in 2018 due to recent regulatory changes (yes, we mean you GDPR!) and an overall increase in sensitivity of consumer and business stakeholders to data management vulnerabilities.
Now more than ever there is a need for a living, breathing privacy program which goes beyond a stagnant set of documents kept in the bottom drawer of an administrators desk.
You may not need to render your systems as secure as the Vatican’s archives (whose strongest security asset against data loss is that…they’re offline!), but you’ll go a long way towards keeping your stakeholders’ trust by upgrading your data handling practices with an experienced DPO.
The next step, after deciding to onboard a DPO, is actually finding one.
The International Association of Privacy Professionals (IAPP) estimates that the demand for DPO’s will be somewhere around 28,000 in the EU and United States alone. That amounts to high demand at a time when the DPO role is a relatively new requirement for many international service providers. You do not need a Masters in Linkedinology to know with high demand comes lower supply. Finding the right professional who offers an optimal balance of skill, cost, availability, etc is no easy task.
To Outsource or go In-house – That is the question
If you already had a qualified individual on your team ready to meet the strenuous demands of modern data management, privacy, and protection, you probably wouldn’t be reading this article.
If cost and logistics were no issue, you’d simply bite the bullet and go through the rigorous HR process of candidate selection, interviewing, hiring, completing mandatory employer paperwork, setting up their health benefits, onboarding – stop me if you know this routine.
Once hired, the big benefit of having a DPO on the payroll is that they are at your service full time and onsite for your convenience. As with any full-time employee, choosing a DPO to join the team full time is a big decision. Just as he/she will take time to bring onboard, trading them out is a process in itself.
So then, what about outsourcing? Generally, the process is much quicker. At ApexPriv, we’ve developed a straightforward and painless process for determining a) what your regulatory obligations are, and b) what tasks/services you need in order to meet those obligations.
Although we are physically based in Dublin, Ireland, we have a network of consultants across the globe and we work with many clients in mainland Europe and the U.S. Given our adoption of cutting-edge communication software, our clients are pleasantly surprised at how convenient it can be to have an offsite team of professionals advise them. We make ourselves available any time, which is to be expected since a data breach does not respect time-off nor holidays.
In short, a responsive and knowledgeable virtual DPO is the most practical solution for small to medium enterprises. Here are some of the other benefits of outsourcing your DPO:
- Quick onboarding process (depending on the firm you choose)
- Experience and knowledge of a network of professionals
- Tailored DPO services
- Expertise suited to your particular needs
- Fully credentialed – no training required
- No employer tax or health insurance costs
- 24/7 availability
In addition to the above, using a third party to fill this role reduces the risk of conflicts of interest that may arise if your DPO is in-house and serves other functions in the company. Although these factors add up to clear cost benefit overall, the most important benefit by far is getting the expertise you need to establish proven best-practices and demonstrate to your clients, staff, and shareholders alike that you value their data.
The Outsourcing Process
As we mentioned in the previous section, outsourcing your DPO circumvents a lot of the front-loaded burden on your business and, if you choose wisely, you’ll reap all the benefits that the skills and expertise of an entire company can offer you. In contrast to acquiring an onsite DPO, starting the outsourcing process can be as simple as setting up a consultation, providing pertinent details about your business (including what data you process, how, and why), and tailoring a flexible service to suit your company’s unique data protection needs.
What We Do
The DPO role varies based on your needs. At ApexPriv, our data protection team offers a lot more than box checking, we will work to develop a strategic, fluid and best in class compliance plan. We take care to learn about your unique business needs and goals before conducting a review of the data you process.
Once a level of understanding is developed we will:
- Construct a company privacy framework
- Audit your company’s data processing activities
- Apply a compliance monitoring plan for global data protection laws (not just GDPR!)
- Act as your point of contact for data subjects enquiries
- Liaise with Supervisory Authorities as required
- Develop a relevant and ongoing training and assessment curriculum for staff
- Represent the company on data protection issues during negotiations, fundraising, etc.
- Keep you up to date with evolving industry standards and best practice
- Deliver quarterly compliance reports
Ready to Outsource Your DPO?
If you’re still weighing your DPO options, we can certainly understand. There are a lot of factors to consider. You can connect with one of our privacy consultants for a one-on-one consultation to get all your data protection questions answered simply by going to the contact page of this website.