Data Protection Officer Service

Our expert consultancy services help businesses make the right decisions and gain competitive advantage.

Our Consultancy Services:

Successful businesses will be driven by trusted, quality data, whether this is to provide an insight of their customers, to drive efficiency, or to automate processes.

The IoT will be an integral part of the infrastructure required to provide such data; but for it to succeed that infrastructure must be secure, resilient and safe.

Data is a valuable commodity and any commodity must be protected to maintain its worth. If data can be tampered with, it is worthless, costly and potentially dangerous.

Protect data. Build trust. Be successful.

Request a call back:

A trusted service provider to:

A Data

Protection Officer

Did you know….? The International Association of Privacy Professionals (IAPP) has estimated that over 75,000 Data Protection Officers will be required worldwide as a result of the GDPR.

The appointment of a Data Protection Officer is a legal core obligation for many organisations operating in the European Union (EU) and is the cornerstone of accountability to facilitate compliance with the GDPR.

Article 37 of the GDPR has explicitly recognised the potential for external consultants to provide Data Protection Officer services on the basis of a service contract. The Article 29 Working Party (now the European Data Protection Board) has elaborated on the structure of such a service, focusing on the efficiency benefits, independence and accessibility.

Gemserv can provide full outsourced data protection officer services (oDPO) or support in-house management through the virtual data protection service offering (vDPO). As part of this, we will assist or carry out the core functions of the DPO, depending on the needs of the clients.

Gemserv also offers the flexibility for our Data Protection Officers to be registered in Ireland or in the UK, to safeguard against the effects of Brexit.


The oDPO and vDPO services bring the following core benefits to clients:

  • Level of Expertise – we offer our fully CIPP/E, CIPM and ISO 27001-qualified Data Protection, Information Security and Cyber Risk consultants to attend and provide any guidance to our clients, giving you a competitive advantage over your competitors;
  • Avoiding conflicts of interest – having fully outsourced professionals helps avoid an organisational conflict of interest, between data protection responsibilities and other tasks, that the GDPR has highlighted as a significant problem;
  • Autonomy and Independence – whilst acting on behalf of our clients, we provide independent, dedicated and fully-focused guidance and decision-making, using our own resources, as endorsed by the Article 29 Working Party.

Core Functions

As part of the vDPO/oDPO services, we will provide guidance on or deliver the key responsibilities of a Data Protection Officer, including:

  • Governance – Adopting a risk-based approach to audit, implement and monitor data protection practices necessary for compliance with the GDPR.
  • Cooperation – Acting as a contact point and facilitator for any investigations and negotiations with supervisory authorities and responding to queries from data subjects;
  • Data Breach Notification – Managing, providing guidance on and reporting personal data breaches.
  • Data Subject Requests – Implementing the necessary framework for responding to Data Subject Requests, including Subject Access Requests (SARs).
  • Data Protection Impact Assessments (DPIAs) – Following the principle of Data Protection by Design, we will advise on and risk assess data processing operations.

Data Protection

Awareness Video

Data Breach – The Next 72 Hours…..

Below is an infographic that details the process once a data breach has occurred.



WP Annex PDF
VDPO Products Sheet
GDPR Fines Guide