Frequently asked questions

Why ProDPO?

Who we work with

We work with different teams across the organisation depending on data responsibilities and compliance issues. Typically we work with:

General Counsel
Our team works with General Counsels whose teams are short on time, lack the specialist knowledge for a data protection officer or have limited resources.
We take data protection off your desk – for a fixed fee ProDPO’s experts deal with all of the business’ data protection enquiries.

HR Directors
We work with HR teams that require support with data protection issues and who are handling sensitive and personal data.

We help ensure staff are aware of data protection requirements to mitigate the risk of personal data breaches, as well as balancing employee awareness around rights to privacy with the business requirements.

Marketing Directors
Marketing Directors choose ProDPO to provide data protection compliance support.

ProDPO helps marketing directors and their teams navigate the heavily regulated digital marketing environment, providing practical advice that optimizes how valuable databases can be used.

Frequently asked questions

Q. What is the GDPR?

A. The General Data Protection Regulation (GDPR) is a European regulation that replaced the Data Protection Act 1998 (DPA) on the 25th May 2018.

Q. Does the GDPR apply to my organisation?

A. The GDPR applies to any organisation, in the public, private and third sector, that holds or uses information about living individuals (or ‘personal data’). Almost all organisations hold personal data about their employees, customers and suppliers.

Q. As the GDPR is a European regulation, does it apply in the UK now that it has left the European Union?

A. Yes. The UK government and the Information Commissioner’s Office (ICO), which enforces the DPA, have both indicated that the GDPR continues to apply within the UK.

Q. What happens if I am not compliant with the GDPR?

A. The GDPR grants the ICO a wide range of powers, including the ability to conduct compulsory audits and issue fines of up to €20,000,000, or 4% of worldwide annual turnover. For larger organisations, fines can be significantly larger than €20,000,000.

Q. My organisation is a ‘data processor’ according to the Data Protection Act (DPA). Does the GDPR apply?

A. Yes. The scope of the GDPR is wider than that of the DPA.

Q. Does the GDPR mean that I must appoint a data protection officer (DPO)?

A. The GDPR specifies that the following types of organisation must appoint a DPO:

  • Public authorities, except for courts acting in their judicial capacity;
  • Organisations whose core operations require regular and systematic monitoring of individuals on a large scale; and
  • Organisations whose core activities consist of processing special categories of personal data (special categories include data revealing ethnic origin, political opinions or philosophical beliefs, or trade union membership, data concerning health, or data concerning an individual’s sex life or orientation).

Organisations that do not fall under any of the above categories are encouraged to appoint a DPO on a voluntary basis.

Q. How can I find a DPO?

A. This will be difficult. A study suggests that the GDPR has created demand for 28,000 DPOs in the UK alone; however, there is a recognised skills shortage of appropriate candidates, who must have expertise in data protection law and practice.

Q. What can I do if I cannot find a DPO for my organisation?

A. The GDPR allows organisations to outsource the role of DPO to a third-party service provider. It also recognises that many organisations will not need a full-time DPO; the role may be filled on a part-time basis.

Q. How can ProDPO™ help?

A. ProDPO provides data protection officer services on an outsourced basis, taking the problem away, and enabling you to focus on running your business.