The Virtual Data Protection Officer

Now to recap, there are three reasons why GDPR may require your organizations to have a DPO:

  • if you’re a public authority or acting like one
  • if you’re processing large volumes of special categories of data that sensitive data to you and me, and
  • if you’re regularly and systematically monitoring data subjects on a large scale,

This may feel at DPO is just a good thing to have, even if they don’t legally need one.


Now, a good example of this case is if you’re a processor and your controller clients all have DPOs and you spend lots of time in meetings with them discussing how you handle our data. A DPO can be a lifesaver here and show massive credibility. So generally, it’s large companies that they’ll need a DPO, but there will also be a lot of smaller organizations that will, two companies involved in large scale email marketing analytics.

If you are in healthcare will most likely require a DPO, but whilst you need to have a DPO nominated, the activities of the world will depend massively on the size, complexity, and breadth of each organization.

When will you hire a Virtual Data Protection Officer?

Some will need teams of people working for a DPO. I know this will need a DPO for only a few days per month, and this is where the value of a virtual Data Protection Officer comes into play. So, if you think you’ll be having a DPO for GDPR but don’t want to have a fulltime employee on this then virtual DPO is the answer.

The Virtual Data Protection Officer

Different companies provide service in different ways. But here’s the best approach. When hiring a Virtual Data Protection Officer, costs are going to vary, but the usually all based on a day rate for the number of days per month expects it to be working with you the rest of the month you’re effectively on-call should the client need you cost matters, but I’d rank it further down the list of priorities than other factors.

The most important thing to look for is whether the virtual DPO gets your business. Do they truly understand what your organization is all about, how you work and whether they would add value to your culture? The DPO should be business minded first and data protection focus second. Now that might sound like blasphemy to many data protection purists.

They need to be part of the team and helping sail the ship in the right direction. If you’re a DPO and don’t like the direction of the organization, for instance, you don’t agree with their ethics or business model than gets off the ship. Being a DPO is about helping the organization and its data. Subjects are being controlled under prosper with data. For that reason, a DPO can’t be too technically minded. I mean they can’t be too focused on technicalities which a lawyer or it person might do. They need to understand the technicalities but crucially translate them into a way that helps everyone.

So, the DPO needs to have a real business head on their shoulders.

Of course, any DPO needs to have all the right skills and data protection experience for the role, but the realtime experience is vital.

And by this I mean they have to be actively working on multiple streams of GDPR right now, for instance, with multiple clients in your sector and also in other sectors. This way you’re benefiting from their experiences, failures, successes, and lessons learned of everyone else trying to get ready for GDPR. I can’t stress how vital this is.

One of the key benefits of a virtual DPO is their real-time experience of multiple perspectives and strategies for GDPR data protection. So, make sure that any virtual DPOs you speak to is already busy with other clients you want to slot in alongside those other clients in gain from all the wider experiences.

Well as the GDPR requires, this is great if you’re virtual. DPO has other skills that you can lean on now to get everything ready day to day. Your virtual DPO should be there if you need them and most likely will be spreading that time with you over a course of a week or month. Working remotely, usually on phone calls and virtual meetings and documentation reviews and you’ll probably want some shuttled onsite visits to suit you too.

The beauty of the Virtual Data Protection Officer is they fit around you, work how you want them to work and you only pay them for the amount of assistance you need when you need it.