The General Data Protection Regulation (GDPR), the biggest change to data protection practice in a generation, requires certain organisations to appoint a Data Protection Officer (DPO): someone who must have expert knowledge of data protection law in order to fulfil the tasks required.
But even organisations who don’t have a duty to appoint a DPO are expected by the regulatory body (the Information Commissioner) to ensure they have sufficient staff and resources to meet their obligations under GDPR. Failure to do this puts organisations not just at regulatory risk, but also at risk of litigation and reputational harm.
However finding the right candidate for such a critical role can be difficult. Perhaps no-one in your organisation has the right mix of skills and expertise. Or there may be capacity constraints. Recruiting a full time DPO can be difficult owing to the restricted pool of candidates and some organisations won't need a full time person.
Happily, GDPR recognises that not all organisations will want to give the tasks to an existing employee, instead it allows organisations to appoint a DPO on a service contract.
At Mishcon de Reya, we recognise that the DPO is a specialist role, requiring a complicated balance of skills and knowledge, and we know from discussions with clients that not all of them are able to meet this need in-house.
This is the reason we launched our Mishcon Virtual DPO service providing you with the support of a DPO equivalent, on terms tailored to your specific requirements. We will agree the right resource level for your needs and set a monthly cost to allow you budgeting transparency.
Our Virtual DPO service is backed by our Data Protection team who have decades of experience both in law and in practice. Head of Data Protection, Adam Rose has been advising on data protection matters since the 1990s, and Data Protection Advisor Jon Baines has been Chair of the National Association of Data Protection Officers for the last five years. You will also have access to a 24 Hour Emergency helpline.
Should you need help to proactively manage cyber risks, Mishcon has a market-leading Cyber Security team, MDR Cyber. Our multi-disciplinary approach combines business expertise with a deep understanding of cyber risks and how to protect against them. We are able to help define your strategy, meet data protection and privacy obligations, provide assurance to your stakeholders and manage any crisis swiftly and discreetly. Likewise, should you suffer a data breach, you can rely on years of experience in asset recovery, coupled with close relationships with the investigator community, to identify those responsible and regain control of your data.