Some organisations that process personal data must appoint a DPO. This includes controllers and processors whose core business is the regular and systematic monitoring of individuals on a large scale (e.g. providers of certain mobile applications) or large-scale processing of so-called sensitive data (e.g. the health sector). Also organisations that are not obliged to appoint a DPO choose to do so voluntarily in order to provide expert support in the area of data protection and privacy.
Regulations allow for the outsourcing of the DPO function and our experience shows that this is an option frequently sought by clients.
The DPO is a responsible function and entrusting it to the right person contributes to the success of the organisation. An officer appointed from the ftl team carries out the duties of the DPO at the client’s premises as stipulated in the GDPR, to oversee and ensure the organisation’s compliance with data protection regulations. Our DPO is not just an external advisor – they join our client’s organisation. Moreover, our DPO does not act alone – they are supported by the GDPR team which consists of experienced ftl experts.
In addition to the classic outsourcing of the DPO function, we also offer other business relationship models, such as:
- ongoing legal support by our GDPR team for the client’s internal DPO (DPO help desk)
- substitution for the DPO during their absence
- outsourcing of a data protection coordinator (in organisations where no DPO is appointed).