ProDPO™ has provided data protection advisory services to organisations since 2018 when it was established by the law firm Wedlake Bell LLP. We assist with comprehensive day-to-day DPO services, on-demand or ad-hoc support, as well as transactional support.
We are practical, quality-focused and experienced lawyers able to provide ‘plug and play’ advice on data protection issues in the private and public sector. Our team comprises individuals with diverse skills and experiences and significant real-world experience from working for various organisations in-house as well as supporting our ProDPO clients over the years.
Data protection is all about risk-based approaches, balanced assessments and communications tailored to audiences. We pride ourselves on our expertise in legitimate interest assessments and data privacy impact assessments relating to novel data processing. Our passion for technology coupled with exposure to dealing with multi-sectoral regulatory requirements has helped us develop expertise in answering more complex data protection questions.
Meet the team
With over 10 years of experience in data protection, Alex supports clients with specialist advice on matters involving data in technology, transactions and disputes, as well as general data protection compliance and cyber security matters.
Alex offers a critical view on the proportionality of data processing in new technologies including AI and automated decision-making with a drive to finding appropriate solutions, expertise in mature legitimate interest assessments and adequate outcomes in Schrems 2 transfer impact assessments. He brings a measured approach to negotiating data protection aspects of transactions.
Alex supports clients from the technology sector, fintech, adtech, health, cloud, property, transport, social media and digital trading.
Elizabeth is an associate solicitor who advises clients on a broad range of data protection issues and regularly advises on complicated data protection matters. Elizabeth regularly advises on data protection impact assessments (DPIAs), data sharing arrangements and the impact of data protection law in complex areas such as direct marketing and the use of website cookies, and employee vetting. Elizabeth has written a number of White Papers including advising a client on the data protection implications of a digital migration of an application system, and advising clients on their roles as a controller or processor in the context of providing statutory services to local authorities, and conducting detailed background checks.
The advances in technology for the healthcare devices sector brings continued challenges for many organisations.
The increasing responsibilities under the GDPR have significant implications for those who are dealing with personal data related to health in the context of healthcare devices.
Providing quality through expertise, we work with medi-tech companies who are looking for an alternative solution to directly employing a data protection officer.
Providing European DPO services to med-tech organisation
Background: This US Headquartered, NASDAQ listed medical devices company develops, manufactures and sells a family of surgical products and cardiovascular devices, to customers worldwide. Its annual turnover for 2019 was US$ 230 million. It has offices in the US and EU and a total global staff of approximately 750.
The company holds personal data relating to its employees and to healthcare professionals (HCPs) that use its products. It also holds personal data (including personal data relating to health, one of the ‘special categories of personal data’) gathered from clinical trials.
The company undertook a General Data Protection Regulation (GDPR) readiness project in 2017/2018, which was managed by the compliance team operating from the client’s US headquarters. The company concluded that it processed special categories of personal data on a large scale, thereby triggering Article 37 of the GDPR, which requires the appointment of a data protection officer (DPO).
The GDPR permits the role of the DPO to fulfilled by an external service provider. The company decided to use an outsourced DPO as it felt there was not likely to be sufficient work to justify hiring a full-time employee, and to ensure that the role was performed independently and to benefit from the external DPO’s experience gained from other clients.
The company approached ProDPO with a view to obtaining external support for its existing compliance team, on a ten hours per month basis. ProDPO has provided remote support by telephone and email to the client’s existing compliance team, reviewing data protection related documentation and advising on data protection related queries such as how the client could lawfully promote its knowledge sharing web platform and conferences to HCPs.
The client subsequently hired an internal DPO, to whom ProDPO provided support in relation to particularly complex issues, where a second opinion was required and also providing support with overspill work when the internal DPO required additional capacity. ProDPO has worked with this client since May 2018.
ProDPO has been able to bring its breadth and depth of experience to benefit the client, by providing practical, risk-based advice. For instance, the ProDPO team was able to draw on its experience gained from other clients in relation to direct marketing, when advising this client on how to promote its HCP web platform.
With the adoption of the GDPR in 2018 the EU is raising the bar in how it protects the interests, rights and data security of individuals. The GDPR replaced the Data Protection Act 1988.