TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | A little help with DPO contracts Related reading: EU General Data Protection Regulation




7, 9, 13

With the EU General Data Protection Regulation nearly upon us, we at the IAPP have been getting an onslaught of calls and emails from members asking for compliance help. As the manager of our online Resource Center, I am on the receiving end of the bulk of those questions. Of late, one of the more frequent requests is for a sample data protection officer contract for organizations that need a DPO under the GDPR and plan to outsource the job. 

Understandably, this is a much-needed resource — and just as understandably, organizations that produce such contracts are somewhat averse to giving them away for free. It's also important to note that each of these contracts may look very different depending on the needs and goals of the organization, so a sample might not actually be the best fit for this situation. (Of course, if you have one you'd like to share, we still want it!)

Thomas Shaw, CIPP/E, CIPP/US, has, in his newly released book, taken the approach of outlining some essential provisions to be included in a DPO contract. In lieu of a sample or template, please take a look at the excerpt linked below from the "DPO Handbook: Data Protection Officers Under the GDPR." It explains some of the necessary components of a DPO contract, leaving each organization the task of crafting the provisions in a way that fits specific organizational goals.

DPO Contract Provisions

And if you like that, maybe these will help, too:

DPO Decision Tree

DPO Job Description

FAQs About the Appointment of Data Protection Officers

Series: Outsourcing Your DPO

The resources above and many more DPO-specific resources are available in the DPO Toolkit. Check it out here. 

photo credit: Visual Content Legal Contract & Signature — Warm Tones via photopin (license)

Editor's Note:

Do you have a favorite go-to resource for answering your DPO-related questions? Let us know in the comments so others can benefit from it too. 

1 Comment

If you want to comment on this post, you need to login.

  • comment Stuart Thomas CIPP/E • Apr 13, 2018
    A litigators view on being a DPO, useful, but only a start, and highly speculative as Mr Shaw points out himself in the preamble, 5 out of 10, room for growth - but that's where we are with the role I suppose, case-law and evolving guidance will show the way. 
    I think most DPO's picking this up will be surprised on his right-leaning view that a DPO has to be an attorney with all the conflict that brings, and sets the wrong tone from the start; however not saying he is wrong, it's his weighty, worthy opinion and experience, and neither does he say that a DPO has to be a solicitor or attorney, eventually he states "other professionals" as he puts it. I've worked within legal teams, and outside of them, and all data protection specialists, have lots to bring to the party.  Others have commented on his source article, that Emma Butler also co-authored. It is a shame the book didn't include her views, so being more balanced. I really think the IAPP could do better in this case. But it is a start, and the first, well done.