Outsourced Data Protection Officer (DPO)

Outsourced Data Protection Officer (DPO) in West Cork.

Where you do not wish to employ a DPO directly, we provide an outsourced DPO service.

The GDPR recognises the data protection officer (DPO) as a key player in facilitating regulatory compliance, with their appointment mandatory for all public authorities and many private organisations. Even where the GDPR does not specifically require the appointment of a DPO, it is highly encouraged by the European Article 29 Working Party (WP29) as a matter of good practice and to demonstrate compliance.

I am a ECDPO (European Certified Data Protection Officer) as well as a Certified GDPR  practitioner and so qualified to fully support you in all your GDPR and information security needs including:-

  • IT and cyber security.
  • Internal and external system security testing.
  • Day to day information security best practice based on the risks in organisations of all sizes from sole traders to multinationals.
  • Physical security.
  • Risk management.
  • Guidance on GDPR documentation and data subject feedback
  • Legal interpretation of the GDPR regulation.
  • Current privacy guidance, case law and legislation.

By outsourcing this requirement to us you benefit in the following ways:-

  • Reduced costs.
  • Have someone who is independent of your IT and operations teams as required by the regulation.
  • Have access to a team who are working and trained in GDPR and information security.

We as part of our DPO service do the following:-

  • Keep the business owners aware of any changes to data protection requirements that may possibly impact their business.
  • Initial audit/gap analysis when we start the service to ensure the business owners are fully aware of the GDPR status for their organisation.
  • Annual audit to inform the business owners of the GDPR status for their organisation.
  • Annual internal vulnerability scan using industry standard tools.
  • Monthly external vulnerability scan using industry standard tools. (in some high risk cases this can be done 3 monthly (as required for PCI DSS compliance for taking credit card payments) or monthly where high risk data is processed in high volume. (this includes any websites any data circuits into the business sites)
  • Keep the business owners informed of any major threats that appear.
  • Annual staff data protection training. (targeted for the type of work done by the organisation)
  • Support any data process impact analysis reviews that are done.
  • Support you with any interaction with the data commissioner and or data subjects.
  • Review and advise on recommended actions in the event of any data breach.
  • Assist with risk management.

We can also support and advise on any new or proposed procedures or system design work-streams that need to be aligned and meet the GDPR requirement of “secure by design and by default”


The General Scheme of the Data Protection Bill 2017 has been published by the Department of Justice and Equality. The bill gives further effect to the Regulation under Irish law. Interestingly the General Scheme provides that ‘pursuant to Article 37.4, the Minister may…make regulations requiring controllers, processors or associations and other bodies representing categories of controllers or processors to designate a data protection officer’. It goes on to say that in making these regulations the Minister may take into consideration factors such as the nature and purposes of the processing, risks arising for the rights of individuals and the cost of implementation, amongst others.

Essentially this means that the Minister for Justice and Equality may require a broader category of organisations to appoint a DPO than the GDPR sets out. This will undoubtedly widen the net meaning GDPR will apply to more businesses than originally believed.

If you require more information on this service please email dpo@deniscroombs.ie