Data Protection Officer (DPO) Consultancy Services

Contact us

Kroll's data privacy team provide DPO consultancy services with a focus on GDPR compliance

Preparing for GDPR Compliance

Article 37 of the General Data Protection Regulation (GDPR) mandates the appointment of a Data Protection Officer (DPO) for all public authorities and other organisations where the core activities of the controller or the processor involve “regular and systematic monitoring of data subjects on a large scale” or where the entity conducts large-scale processing of “special categories of personal data”. The DPO is tasked with:

  • Monitoring the organisation’s compliance with the GDPR and monitoring data privacy risks arising in the organisation’s activities
  • Awareness-raising within the organisation of data processing requirements under the GDPR and other applicable E.U. data privacy laws
  • Ensuring staff are trained on data processing requirements
  • Conducting data protection impact assessments
  • Maintaining records of processing
  • Conducting data security and processing audits
  • Serving as a point of contact for data subjects and supervisory authorities

The role of the Data Protection Officer can be more than just one individual – this post oversees a host of data privacy and security processes and controls intended to comply with the new GDPR requirements. Initially developing and implementing a truly comprehensive DPO programme will require time and resources many organisations simply don’t have as we head towards the GDPR implementation date of 25 May 2018.


Tactical and Strategic Support to Build Your DPO Programme

Getting a GDPR-compliant data protection programme off the ground is no easy task. Kroll partners with consummate data privacy law firms to provide DPO consultancy services to support your existing privacy and security capabilities in becoming compliant and staying in compliance with GDPR and other local E.U. data privacy requirements. Kroll leverages our team’s experience and expertise in information privacy and security challenges, as well as risk assessments and investigations performed on a global scale. We can help organisations avoid conflict of interest issues in the performance of this role by providing consultancy services from an independent perspective. We can be accountable directly to the C-Suite.

Kroll partners with experienced data privacy law firms to help deliver a core set of consultancy services, including:

  • Inform and advise the controller or processor and its employees of their obligations to comply with the GDPR and other E.U. data privacy and security laws
  • Recommend assessment action plans to identify gaps in relation to GDPR requirements, including developing and managing GDPR compliance risk register
  • Promote GDPR awareness, including customised training to personnel, from the front line employees to the board
  • Inform and advise the controller or processor about the risks arising from data processing activities
  • Create GDPR roadmap and maturity model for the organisation
  • Develop data maps that identifies Personal Data and assigns risk ratings according to a tailored GDPR roadmap
  • Develop data protection impact assessments and risk-mitigation recommendations and the provision of advice when they are required under the GDPR and when they are advisable because of the data processing risks arising from the organisation’s activities
  • Identify information assets and process flows used to create, store, transmit, and dispose of Personal Data and which are subject to GDPR specifications
  • Monitor compliance with GDPR requirements and other applicable E.U. data privacy and security laws
  • Maintain data processing records
  • Work with the client to address other needs in addition to the core set of services


Kroll Global Cyber Team Expertise

With offices in 20 countries and more than 30 cities, Kroll experts speak over 12 languages and have hands-on experience with regulations such as current European data protection laws, US HIPAA, PCI DSS, CASL, Hong Kong's DPO Principle 4, and the upcoming GDPR measures. Many of our cyber professionals bring years of unique experience from their former service with law enforcement and regulatory agencies:

  • Federal Bureau of Investigation (FBI)
  • U.S. Department of Justice (DOJ)
  • Interpol
  • UK Intelligence and policing
  • Europol
  • Hong Kong Police Force
  • Securities and Exchange Commission (SEC)
  • U.S. Department of Homeland Security
  • U.S. Secret Service
  • U.S. Attorney's Office


Strengthen Your Data Privacy Programme

There are countless challenges ahead of GDPR, with the mandatory DPO appointment being potentially challenging as requirements outnumber the qualified individuals available. Count on our team of data protection consultants to become your partners in this task.

/en/services/cyber-risk/prepare-and-prevent/data-protection-officer-consultancy-services /-/media/kroll/images/banners/services/cyber-risk.ashx service

Related Services

Cyber Risk

Cyber Risk

End-to-end cyber security services provided by unrivaled experts.

Cyber Risk
Cyber Risk

Cyber Policy Review and Design

Strengthening info security policy design and evaluating incident response plans effectiveness.

Cyber Policy Review and Design
Cyber Risk

Cyber Risk Assessments

Delivering actionable recommendations using the best technology and expertise available.

Cyber Risk Assessments