If you process sensitive data, you are legally required to appoint a DPO and inform the ICO who that is.
Establishing a DPO within a business requires considerable investment in training and, for the people involved, it can mean a lot of time spent away from primary roles and a cumbersome burden of responsibility.
It is perfectly acceptable to share the services of a competent DPO between businesses. We have developed an offering that enables small businesses to outsource their Data Protection Officer role.

Neither a vDPO nor a full time DPO meets the regulatory requirements without other protections and measures in place. One of these measures is our Documents and Policies Package.
This package includes the supply of a complete set of effective and practical data protection policies and documentation. A suite of strong policy documents can enable the exercise of strong governance of any enterprise and are key components of GDPR compliance.

We offer three useful training programmes:

• Cyber Awareness: on-line assessed module to give staff a basic understanding of cyber-attacks.
• GDPR Awareness: online assessed module that will help staff to understand the legal requirements for the safe and secure handling of electronic data with which they are required to comply.
• GDPR Practitioner Training, which is recommended to be given to at least one person in each branch or business. This will give them the knowledge to act as a local expert in GDPR matters, to support help the rest of the staff and to help the data controller remain within the regulations.