With the EU General Data Protection Regulation nearly upon us, we at the IAPP have been getting an onslaught of calls and emails from members asking for compliance help. As the manager of our online Resource Center, I am on the receiving end of the bulk of those questions. Of late, one of the more frequent requests is for a sample data protection officer contract for organizations that need a DPO under the GDPR and plan to outsource the job.
Understandably, this is a much-needed resource — and just as understandably, organizations that produce such contracts are somewhat averse to giving them away for free. It's also important to note that each of these contracts may look very different depending on the needs and goals of the organization, so a sample might not actually be the best fit for this situation. (Of course, if you have one you'd like to share, we still want it!)
Thomas Shaw, CIPP/E, CIPP/US, has, in his newly released book, taken the approach of outlining some essential provisions to be included in a DPO contract. In lieu of a sample or template, please take a look at the excerpt linked below from the "DPO Handbook: Data Protection Officers Under the GDPR." It explains some of the necessary components of a DPO contract, leaving each organization the task of crafting the provisions in a way that fits specific organizational goals.
And if you like that, maybe these will help, too:
The resources above and many more DPO-specific resources are available in the DPO Toolkit. Check it out here.