Regulatory
DPO managed service

What is DPO managed service?

An outsourced Data Protection Officer makes managing data easy through vast expertise and on-demand guidance.

Why do I need a DPO?

You legally require a DPO if:

  • You are a public authority.
  • Your organisation’s core activities require regular and systematic monitoring of individuals on a large scale.
  • Your organisation’s core activities involve processing on a large scale ‘special categories’ of personal data, or ‘criminal convictions or offences data’.

How can we help?

Even if you have no legal requirement to appoint a DPO, it is still advisable to appoint someone who is responsible for the information your organisation processes.
At Samurai, we can make the task of managing your organisation’s information easy. We will work alongside your existing teams to help raise awareness and improve understanding of the information handled. Ultimately this will strengthen the security of that information.
Better information security protects and improves your reputation. Better controls help reduce the risk of fines and penalties. Our DPO advice can help you achieve better information security in a way that makes financial sense to your organisation and increases stakeholder confidence.

How to get started?

Please select one of the packages below that suits your business needs. This can then be tailored to your organisation, and a bespoke package created for your GDPR and information security needs.

Minimum Contract: 12 Months

We will be your retained advisor rather than your nominated Data Protection Officer.

We will:

  • Advise on changes in policy
  • Advise on changes in DPA/GDPR legislation
  • Review approach to consent
  • Review privacy statements
  • Advise on engagements with new 3rd parties
  • Review PIAs
  • Help you respond to questions relating to GDPR/DPA(2018) from 3rd parties
  • Undertake a yearly audit to ensure continued compliance with GDPR/DPA(2018) and IASME
  • Run one GDPR/DPA(2018) training session a year

Minimum Contract: 12 Months

We will be your retained advisor rather than your nominated Data Protection Officer.

We will:

  • Be your contact with the ICO
  • Inform, advise and issue recommendations regarding GDPR compliance
  • Advise on changes in policy
  • Advise on changes in GDPR/DPA(2018) legislation
  • Advise on approach to consent
  • Help you respond to questions relating to GDPR/DPA(2018)
  • Provide PIA (Privacy Impact Assessment) templates
  • Confirm if a PIA is required
  • Advise on the safeguards required to secure the rights and interests of data subjects
  • Review PIAs
  • Review new 3rd party providers
  • Deal with 3rd party provider requests
  • Annually review all 3rd party data processors
  • Annually review the data audit sheet
  • Be the contact for any data breaches/incidents
  • Run one GDPR training session a year
  • Provide access to GDPR Awareness training Moodle site for all staff
  • Undertake a yearly audit to ensure continued compliance with GDPR/Data Protection Bill and IASME

Minimum Contract: 12 Months

We will:

  • Be your primary contact with the ICO
  • Offer you a dedicated personal Data Protection Officer
  • Inform, advise and issue recommendations regarding GDPR compliance
  • Perform an annual full and thorough system penetration test against your web applications, external and internal infrastructure, and offer advisories
  • Provide phishing campaigns to help with user awareness – 3 campaigns per year.
  • Advise on changes in policy
  • Advise on changes in GDPR/DPA (2018) legislation
  • Advise on your approach to consent
  • Help you respond to questions relating to GDPR/DPA(2018)
  • Provide PIA (Privacy Impact Assessment) templates and assistance
  • Confirm if a PIA is required
  • Advise on the safeguards required to secure the rights and interests of data subjects
  • Review and advise on Privacy Impact Assessments (PIAs)
  • Review and advise on Legitimate Interest Assessments (LIAs)
  • Provide LIA templates
  • Review new 3rd party providers
  • Deal with 3rd party provider requests
  • Annually review all 3rd party data processors
  • Annually review the data audit sheet
  • Be the contact for any data breaches/incidents, performing incident analysis
  • Perform an annual 1-day GDPR training session
  • Provide access to GDPR Awareness training site for all staff
  • Undertake a yearly audit to ensure continued compliance with GDPR/DPA(2018) and IASME