Publication | ThinkSet

DPO-as-a-Service: A Compliant and Cost-Effective Way to Protect Your Company’s Personal Data

Matt Meinel

June 25, 2020

Businesses have a data-privacy compliance challenge. 

More privacy laws mean increasingly complicated and costly regulatory risks for companies that collect, use, or store personal data. As a result, businesses need privacy professionals to mitigate these risks. And some laws, including the EU General Data Protection Regulation (GDPR), require the appointment of a Data Protection Officer (DPO) to oversee compliance and liaise with regulatory authorities.

This creates a staffing challenge. Fully qualified privacy professionals are hard to find, and existing internal resources may not have the expertise or independence to satisfy the GDPR’s strict DPO requirements.

But there’s a solution.

The GDPR and other data protection laws allow companies to contract with an external resource to serve as the DPO in what is known as a DPO-as-a-service model (“DPOaaS” or an “External DPO”). The External DPO solution allows businesses to appoint a team of true privacy experts as their DPO without straining overwhelmed and potentially underqualified internal resources.