PO-as-a-Service
Easily outsource the role of Privacy Officer to effectively manage your privacy
What is a PO-as-a-Service?
A Privacy Officer (PO) is a Privacy Professional who plays an active and key role in establishing and maintaining GDPR compliance in a company. A PO not only monitors the confidentiality, integrity, and availability of personal data but also has an active role in implementing the necessary measures.
While some companies decide to hire their own Privacy Officers to manage privacy within the organization, it is also possible to hire an external Privacy Professional, thus PO-as-a-Service. This choice is very cost effective, as it allows to not hire a full time employee and at the same have all the expertise you need from a Privacy Professional.
What PO-as-a-Service brings to your company
The GDPR mandates companies to implement consistent and robust privacy programs. As a consequence, your company need to implement, revise, and update many processes and documents to be GDPR Compliant. These are among the documents, policies and procedures that a Privacy Officer (as-a-Service) drafts and implements:
- Privacy Policy, Privacy Statement, and Privacy Awareness Program
- Cookie Policy, Cookie Statement
- Data Breach Procedure, Data Breach Policy
- Record of Processing Activities (RoPA)
- Data Processing Agreements (DPAs)
- Data Subject Access Requests (DSAR) Policy
- Data Protection Impact Assessment (DPIA)
However, a PO does not simply help companies to achieve compliance, but also to remain compliant. These are some examples of activities conducted by the PO:
- Handling a Data Subject Access Request
- Conducting a DPIA in case a new processing activity is implemented
- Maintaining the RoPA
- Checking DPA
- Conducting Data Breach Risk Assessments
- Informing the Data Protection Authority and/or Data Subject in case of a Data Breach
“We draw on our broad expertise to fill the crucial role of PO for companies professionally.”
Stephanie Saavedra – Privacy & Data Protection Consultant
PO-as-a-Service at Pharming
LL.M | CIPM
Should you hire a DPO or a PO-as-a-Service?
The PO works in close cooperation with the DPO. However, their tasks are completely different!
The PO has an active role in the company’s management of data privacy policies and procedures. A PO is a key figure in the GDPR Implementation and day to day Privacy Management. Once your company assesses its level of GDPR Compliance thoroughly through a privacy assessment, a PO assists in filling the gaps and maintaining compliance.
On the contrary, a DPO has a supervisory and advisory role and in some cases it is mandatory to appoint one. This is also why it is important to consider hiring an external DPO-as-a-Service because it guarantees the competence and the impartiality required to carry out these tasks.
PO-as-a-Service Cost
Our PO-as-a-Service consists of providing your company with an experienced privacy consultant who will perform the tasks of a PO in a structured and professional way.
This service is scalable and adaptable to your specific company’s needs. The costs vary from a monthly hour subscription to a fixed fee for a specific one-off activity (i.e. conducting a DPIA or a TIA).
Please also note that it is possible to combine PO-as-a-Service with other services, such as the DPO-as-a-Service or the GDPR Implementation. For further details please do not hesitate to contact us via filling out the form below or emailing us at info@dpoconsultancy.nl.