VeraSafe’s Data Protection Officer Service

At the Intersection of Law and IT.

Where can you find a data protection officer with the expertise required by Article 37 of the GDPR, who also can maintain the neutrality and impartiality required by the Regulation? Look no further. VeraSafe’s team of in-house American and European privacy attorneys and IT security experts are uniquely equipped to serve as your Data Protection Officer team. VeraSafe already serves as the DPO for organizations ranging from very large enterprises and a top CRM provider, to small and medium sized enterprises. VeraSafe’s team represents a complete DPO solution for companies grappling with complex data protection regulatory requirements.

In-house team of EU and American privacy attorneys and IT security experts.

Strategic, risked-based approach to compliance.

Fully customizable DPO program, tailored to fit your needs.

Thank You

Thank You!

We’ll be in contact shortly.

Included in the VeraSafe Data Protection Officer Program

Your VeraSafe DPO team will bring an impartial perspective to your privacy compliance program. VeraSafe’s DPO team is available to help with the following activities, among others:

  • Collecting and maintaining your records of processing (“data mapping”).
  • Performing Data Protection Impact Assessments.
  • Analyzing your organization’s “legitimate interests” (GDPR Article 6(1)(f)).
  • Conducting privacy by design/privacy by default workshops.
  • Conducting staff training workshops.
  • Interfacing with data protection authorities on behalf of your organization.
  • Notifying data protection authorities of your DPO appointment.
  • Assisting with critical data breach response.
  • Advising and leading your organization’s compliance with all other GDPR compliance obligations.

Benefits of an Outsourced DPO

The GDPR encourages the appointment of DPOs, even in cases where they may not be strictly required. Taking the proactive step of appointing a data protection officer often adds value to businesses in a variety of ways, not least of which is the inherent benefit of having trained privacy experts at your disposal to advise on privacy issues, assist with privacy related product decisions, and monitor regulatory compliance.

Experience has increasingly shown that outsourcing the DPO role is often the most practical and reliable way to fulfill this obligation of the GDPR. Appointing a DPO from within an organization is permissible, but few companies have data protection experts on staff, and of the executives who may qualify for such a position based on their skills, they will often be encumbered with the inherent conflicts of interest and biases that come with corporate leadership roles. The DPO must be neutral and impartial, along with having the ability to independently monitor a company’s compliance with the Regulation. The DPO must also report directly to the highest level of corporate leadership. The result is a very difficult job description for a senior employee, whose loyalty to and personal interest in the company unavoidably affect his or her ability to fill this role.

Frequently Asked Questions About Appointing VeraSafe as DPO

Can the DPO be a team, as proposed by VeraSafe?

Yes, according to the Guidelines on Data Protection Officers promulgated by the former Article 29 Working Party, the DPO role can be fulfilled by a team of individuals. The Working Party held that “individual skills and strengths can be combined so that several individuals, working in a team, may more efficiently serve” as the DPO.

Can we publish VeraSafe’s US and EU contact information and indicate that VeraSafe serves as our DPO?

Yes, absolutely.

Is VeraSafe established in both the US and EU?

Yes, our team is distributed both in the US and the EU.

Does VeraSafe have the expertise required by Article 37(5)?

Yes, VeraSafe’s team of in-house privacy attorneys and IT security consultants have fulfilled the DPO role for organizations since 2015.

Does my organization need to appoint a DPO?

The relative novelty of the GDPR and its silence on what exactly triggers like “regular and systematic monitoring” and “large scale” actually mean, makes determining whether your organization is legally required to appoint a DPO a difficult question to answer. For some business models, the answer—whether yes or no—seems clear; for others, the issue may be far murkier. VeraSafe can impartially assess your circumstances and analyze your exposure to the data protection officer requirement under the GDPR.

Key contacts

Matthew Joseph

Matthew Joseph

CIPP/E, CIPP/US

Managing Director

Jim Cormier

Jim Cormier

CIPP/E

SVP of Professional Services and Legal

Learn how easy it is to appoint VeraSafe as your Data Protection Officer

Why VeraSafe?

Track record of successful GDPR implementations across industries.

Work directly with our in-house team of US and European attorneys, IT experts, and project managers.

Strategic, risked-based approach to compliance.

Fully customizable DPO program, tailored to fit your needs.

Holistic approach: We help you identify business opportunity hidden inside the GDPR.

Going beyond just EU privacy law, VeraSafe is your end-to-end partner for the entire privacy and cybersecurity domain.