GDPR requires certain companies to appoint a DPO to ensure secure data processing and compliance with data protection requirements. Instead of hiring an employee, a company can appoint an external DPO.
At Grant Thornton, the DPO service is offered by a team that includes data protection specialists with international data protection certificates, lawyers and IT specialists. This teamwork ensures complete and continuous service provision.
Grant Thornton can help you with the DPO service in Estonia, Latvia and Lithuania, where our local data protection experts speak the local language and have expertise in local data protection legislation.
A DPO from Grant Thornton:
- Maps data processing and produces records of processing activities (ROPA). Data mapping and ROPA are the pre-requisites for offering the DPO service.
- Maintains the ROPA.
- Makes sure information systems, processes and documents are in compliance with data protection requirements. This includes:
  - various corporate internal rules and policies;
  - Data Protection Addendums to contracts with joint-controllers and/or data processors.
- When necessary, conducts Data Protection Impact Assessments (DPIAs), recommends appropriate actions to mitigate the risks and monitors the process of risk mitigation.
- Provides data protection and cyber-hygiene training to company employees.
- Conducts ad hoc compliance checks.
- Responds to data subject access requests about what data is processed, for what purposes and on what legal bases, and for how long. The DPO also manages deletion and processing restriction requests.
- Communicates with a local regulator in case of queries or data breaches with potential high-risk consequences.
DPO service terms:
- A minimum 12-month contract.
- A minimum of 4 hours a month. The exact number of hours depends on the scope and complexity of data processing.
- Monthly or quarterly billing.