Whilst larger companies may have the resources to cover this cost, many smaller businesses haven’t, yet under the Data Protection Act 2018, many have the same legal obligation to have a Data Protection Officer as firms with multi-million pound turnovers.
The fact is that the majority of businesses that collect or process personal data are required by law to have a nominated Data Protection Officer. This includes many businesses and sectors that you may not initially think of, from estate agents (who retain significant amounts of personal and financial information) to pharmacy chains, solicitors, financial advisors and manufacturers. This list is far from exhaustive.
The personal details of employees also comes under the Act, so every business that employs staff – regardless of whether they collect and process customer personal data – is required to have a Data Protection Officer.
What’s more, the company MD or CEO is not permitted to be the business Data Protection Officer; it must be someone who is independent from the management of the company and who won’t be dismissed or penalised for performing data protection tasks.
Our Managed Data Protection Officer service fully fulfils the requirements of the Data Protection Act 2018 and gives you access to a live named expert who manages your data protection and GDPR activities for you on a monthly subscription basis.
The cost of having a Managed Data Protection Officer is extremely affordable and can be tailored to suit your needs and is suitable for many smaller businesses. Companies wanting a greater time commitment from their Managed DPO can choose a larger custom package of hours, or simply pay a flat rate for every hour worked above their agreed level.
If you would like to know more about our range of services here at H2 then please contact us today on 0845 5443742 for Cyber Security Advisory or 0845 5443730 for Data Protection Advisory or complete our contact form.Click here to get started >
We originally engaged H2 to examine our liability under GDPR and devise risk managed policies and processes to ensure we met the requirements. Their Cyber Maturity Assessment is certainly and eye opener and H2s approach, unique in our experience of IT service companies, demonstrated clearly that we had some issues to overcome. They were patient in providing services at our own pace and at price points which we were happy with, and were comfortable working with our current IT provider, enhancing their services and products, and plugging gaps that they do not cover. I have no hesitation in recommending H2 to other companies who need such services.
We engaged H2 to examine our liability under GDPR and devise risk managed policies and processes to ensure we met the requirements. They devised a set of processes and policies, neatly presented as a Data Protection Manual on time and on budget. I have no hesitation in recommending H2 to other companies who need such services.
We asked H2 to examine our Cyber Security and Data Protection posture, including policies, processes and technical configuration and controls. We found their Cyber Maturity Assessment to be very comprehensive in discovering the threats and vulnerabilities to our systems and describing them in terms of business risk. The policies and processes developed were again, comprehensive and all encompassing, and designed to fit in with the style and presentation of our other policies and handbook.
We engaged H2 to examine our Cyber Security in readiness for obtaining Cyber Essentials accreditation. Their Cyber Maturity Assessment is comprehensive and H2s approach is unique in our experience of IT service companies. They provided services at our own pace and at price points which we were happy with. They were also comfortable working with our current IT provider, enhancing their services and products, and plugging the gaps, including Cyber Security and Data Protection Awareness training. I have no hesitation in recommending H2 to other companies who need such services.