Value for money

You have several options when it comes to managing Data Protection.


Recruit a formal Data Protection Officer (DPO)

This has significant implications. A DPO must have the experience and expertise to fulfil the functions defined by the GDPR. And they must act independently, reporting to the Board or Trustees directly.

A DPO can therefore often command four times the average salary.

The GDPR only requires certain sectors and certain organisations to appoint a DPO. To take our test, click on the "Do I need a DPO" button below to see if you have to (by law) appoint a DPO.


Appoint an external DPO

Those offering DPO-as-a-service must meet the same high standards as an internal DPO.

This means they must be “involved, properly and in a timely manner, in all issues which relate to the protection of personal data” and must fulfil all the tasks outlined in Article 39.

Always check that any solicitor, accountant or DPO-as-a-service company has the expertise and experience (in your sector) to fulfil the role. For example, can they report to the Board one day, and change their tone and approach to work with frontline staff and management the next?

Also check the resources they commit for the price, and what they charge as extras. For example, is handling a SAR, or engaging with the ICO or customers, part of the price?


Appoint Protecture

Keeping your staff trained and informed, and ensuring they have the resource to keep on top of the latest developments, is key. Our services help you deliver this efficiently. Working with us, you can effectively manage data protection risk. We know our services deliver value for money.

  • Our resources are scalable at short notice
  • You have a team of specialists at your disposal
  • Our knowledge is always up to date
  • You don’t pay for resources you don’t use
  • Our experienced staff are efficient
  • Our advice is impartial

Talk to us to find out what we can do. You can then be sure you’ve made the right decision for your organisation.


Do nothing

This is the cheapest, in the short term at least. But the Information Commissioners Office is now enforcing the GDPR. They have required HMCR to delete personal data. They intend to impose a fine of £183 million on British Airways for not patching software and £99million on Marriott for failing to undertake enough due diligence.

These will change business in the UK. You may not be fined, but your stakeholders will expect you to be managing data protection risk. And your partners will want to see that you’re not going to expose them to risk through your behaviour. Your reputation can easily be affected by outdated practice or failing to recognise and manage all the issues.

Want to understand the Mistakes that cost BA £20m?

  • By using this form, you agree to our Terms and have read our Privacy Information

  • This field is for validation purposes and should be left unchanged.

Online Client Area

Our client area is full of useful Information Security and Data Protection tools, templates and resources.