With the 25 May 2018 enforcement deadline looming, it has become more vital than ever to ensure that you have a qualified data protection officer (DPO) in place to comply with the General Data Protection Regulation (GDPR).
For those of you who may have put the GDPR and what it stands for at the back of your minds, this is a European Union (EU) directive which has already been written into UK law. So no matter what they say during Brexit, you have to comply with it. It’s an important piece of legislation that has essentially been introduced to protect the consumer whose data and private information you’ve stored and pledged to keep safe. For more about it, check out our guide on the GDPR here.
Your data is the most valuable thing in your business. Because it gives you plenty of information about your clients so you can cross-sell, it keeps your staff employed and your business making money. Its protection needs to be taken seriously, and this is why it’s so vital to hire a qualified and competent DPO.
The problem is that there’s a lot of ‘snake oil’ on the internet, with people claiming to offer services that can ‘certify’ against GDPR. However, there’s currently no approved certification process – so anyone offering you this ‘service’ should not be trusted.
If you don’t know what a DPO does, the role is defined in the GDPR (section 4) to “advise and monitor the performance of data privacy activities and liaise with the regulator. They are required to report to the board, be independent of any business operations and be appropriately skilled”.
But how much does a DPO cost to employ, you may ask? At SchemeServe we’ve done some basic investigation into this and it turns out that DPOs request salaries of about £70,000 to £80,000 a year.
So you can hire one or, alternatively, you can share SchemeServe’s DPO. There is, after all, nothing relating to Data Protection or the GDPR that says you can’t, or that the DPO has to be employed full time.
The advantages are as follows:
- Any issue relating to data protection and GDPR that we can control will be fixed by us because the DPO will be telling our board it needs to be done and will monitor it independently.
- If there’s a problem in something we don’t control, we may still be able to help based on our experience.
- You’ll get access to the DPO in our business one day a month. This will enable the DPO to catch up with you on the progress made and advise you on future changes you may want to make. The DPO will advise on how to make those changes in a data-safe way.
- The DPO can help out with processes for data access requests, your marketing processes and any other data protection related issues.
- The cost will be greatly reduced. The initial Data Privacy Impact Assessment will cost you £4,500 (plus VAT), and sharing our DPO will cost £2,000 a month (plus VAT) on a 12-month contract. At the end of the contract you can choose to renew or not.
With the May deadline looming, it’s important to act now if you haven’t already hired a DPO. While the cost of sharing a DPO is equivalent to spending £24,000 on an employee, you are still saving more because of National Insurance and other costs that come with hiring permanent staff members. But if you’re already a SchemeServe client, the advantage is that we know some of your challenges already, and our DPO will help you to identify all the others so we’ll be able to engage in a timely fix.