DPO as a ServiceWho owns privacy?
If your business handles personal data, you have obligations under UK and EU data protection law. For some organisations that means formally appointing a Data Protection Officer; for others it's optional but sensible. Either way the work still needs doing, and most small businesses can't justify a full-time privacy specialist.
Our DPO service gives you a named, qualified Data Protection Officer who handles your privacy compliance so you don't have to. They are independent, as the law requires, report to your leadership, and act as your formal point of contact with the Information Commissioner's Office. They do the work: maintaining records, responding to requests, advising on new projects, and keeping you out of trouble with the regulator.
In short
- 01A named, qualified DPO who takes responsibility for your data protection, not just advice on it.
- 02Requests, breaches, and the regulator handled for you, within the legal deadlines.
- 03An ongoing, independent role that reports to your leadership, sized to your business.
What problems we solve
Privacy work doesn't stop, and someone has to own it. You're in the right place if any of these sound familiar:
“Someone emails asking what data we hold”
Panic over who handles it, where the data lives, and the deadline, while someone loses days pulling it together.
“We're using customer data in a new way”
You ship it and hope for the best, or stall while people argue over whether it's even allowed.
“A laptop's gone missing”
Uncertainty about whether to tell the ICO, what to tell customers, and who owns sorting it out.
“A partner asks about our privacy practices”
You scramble to find or create documentation, and the answers come out inconsistent.
“The ICO has written to us”
Fear, and no clear answer on who responds, what to say, or whether you're in trouble.
“We need a DPO but no one's qualified”
You appoint someone who doesn't really understand the role, or leave it vacant and hope nobody notices.
How the DPO service works
Appointment + ICO
Appoint and register
We appoint your named DPO formally, register them with the ICO, and bring your Record of Processing Activities up to date, so there's a clear baseline to work from.
Monthly
Run it day to day
Your DPO handles requests, breaches, and supplier checks, advises on new projects, and keeps your records and notices current through a regular operational check-in.
12 months
Report and renew
Quarterly reports keep leadership informed and an annual board review sets the year ahead. The engagement runs on a 12-month minimum term, renewable annually.
That's the operating rhythm. The full service description sets out the complete scope, governance, and exclusions.
Read the full service descriptionCompanies we've worked with.
What your DPO handles
The privacy function run for you, sized to your risk, not paperwork generated for its own sake.
Who it's for
20 to 200 employees: real data protection obligations, but a full-time DPO would be overkill
Handling personal data: customer accounts, employee records, user data, or marketing lists
UK or EU operations: subject to UK GDPR, EU GDPR, or both
Facing external questions: procurement questionnaires, due diligence, or contractual data protection requirements
Required to appoint a DPO: or you'd simply rather privacy was owned by someone qualified and independent
What's not included
- Legal advice or formal legal opinions
- Acting as your EU Representative
- Implementing technical controls
- Your compliance platform subscription
Your DPO is a qualified privacy professional holding recognised credentials such as CIPP/E or CIPM. They are independent, as the law requires, and report to your board or senior leadership rather than the teams they oversee. You work with the same named DPO throughout, so they hold your business context rather than relearning it each quarter.
Term and pricing
Minimum term
12 monthsRenewable annually, scope reviewed at each renewal
Availability
2 business daysFaster for urgent breaches or regulator contact
Pricing
Ongoing engagementPriced to your size and risk profile
This is an ongoing engagement, not a one-off project. The minimum term gives time to establish proper processes and demonstrate value. Use the calculator for an indicative estimate.
Estimate the costCommon questions
Data Protection Officer FAQs
Put privacy in qualified hands.
A short conversation is usually enough to tell whether you need a DPO, whether you're legally required to appoint one, and how the service would fit your business. If a one-off compliance project suits you better, we'll say so.