Managed Data Protection Officer

Managed Data Protection Officer

H2 Cyber Risk Advisory Services understands that for many SMEs, employing a dedicated person to manage their data protection requirements, or reallocating an existing employee’s time to it, is expensive and not always possible.

Whilst larger companies may have the resources to cover this cost, many smaller businesses haven’t, yet under the Data Protection Act 2018, many have the same legal obligation to have a Data Protection Officer as firms with multimillion pound turnovers.

The fact is that the majority of businesses that collect or process personal data are required by law to have a nominated Data Protection Officer. This includes many businesses and sectors that you may not initially think of, from estate agents (who retain significant amounts of personal and financial information) to pharmacy chains, solicitors, financial advisors and manufacturers.  This list is far from exhaustive.


The personal details of employees also comes under the Act, so every business that employs staff – regardless of whether they collect and process customer personal data – is required to have a Data Protection Officer.

What’s more, the company MD or CEO is not permitted to be the business Data Protection Officer; it must be someone who is independent from the management of the company and who won’t be dismissed or penalised for performing data protection tasks.

Our Managed Data Protection Officer service fully fulfils the requirements of the Data Protection Act 2018 and gives you access to a live named expert who manages your data protection and GDPR activities for you for as little as £200 per month.

The benefits of having a Managed Data Protection Officer (DPO) include:

  • No need to employ someone new or allocate an existing member of staff to data protection.
  • The Managed DPO is a named person who is always available to you during the working week.
  • They will respond to your data protection queries and questions within two hours.
  • They will manage Subject Access Requests (personal data requests from customers or employees) that you receive and are obligated in law to respond to.
  • They will manage and investigate any data breaches that you experience.
  • They will undertake a Data Protection Impact Assessment (DPIA) for you to highlight and minimise the data protection risks of a project.
  • They will liaise with the Information Commissioner’s Office (ICO) for you.
  • They will provide you with regular advice and guidance on data protection.
  • They are available for a low fixed cost every month.


The cost of having a Managed Data Protection Officer starts at just £200 per month for a five hour per month commitment, which is suitable for many smaller businesses. Companies wanting a greater time commitment from their Managed DPO can choose a larger custom package of hours, or simply pay a flat rate for every hour worked above their agreed level.


Contact us today about this service

If you would like to know more about our range of services here at H2 then please contact us today on 0845 5443742 for Cyber Security Advisory or 0845 5443730 for Data Protection Advisory or complete our contact form.

Click here to get started >