If the amount of information privacy pros are consuming via IAPP.org on the General Data Protection Regulation is any indication, companies are scrambling to get ready for May 2018. Part of that preparation will be, for many companies, establishing a data protection officer. An IAPP study recently found that an estimated 75,000 DPOs will be required globally. That's a lot of DPOs. For small- and medium-sized companies, especially, who may not currently have someone well poised to staff that position, hiring one can be a daunting and expensive proposition. 

Aiming to assist companies concerned with how they'll meet the requirement, Information Law Group has launched a service it's calling CPO on Demand. The idea is that InfoLawGroup acts as the outside CPO on an as-needed basis. The program's offerings include working with engineering and product teams on privacy by design, creating internal policies or obtaining seals and certifications, as well as conducting training sessions for companies to ensure compliance with relevant laws and regulations. 

While it's likely small- to medium-sized businesses that might benefit most from the service, even larger companies, given the amount of privacy compliance work to be done of late, might find the on-demand aspect attractive, said Justine Gottshall, a partner at InfoLawGroup. 

"I think we see it in a lot of ways as three buckets," she said. "The ability to help organizations address privacy compliance more efficiently and cost effectively, because we're a team of very experienced lawyers and professionals who can address key compliance issues, and we have been for a very long time. I think the other aspect is helping organizations who just don't have internal resources yet. Others might have a good start but don't have as much experience in certain aspects ... They're overwhelmed because things are coming at them furiously. And the third is to help organizations holistically." 

Gottshall said the program differs from the traditional model of simply hiring outside counsel in the preventative nature of this relationship. "The CPO tries to handle things before they're an issue, where often outside counseling is handling things after they've arisen. I think one way we can look [at CPO on Demand] is, sometimes we hire an outside counsel who is really in many ways acting from the outside but getting more deeply involved internally and solving [these problems] as they arise." 

The GDPR is really highlighting now the need for companies to have internal resources dedicated to privacy, Gottshall said. But it's also about the fact that smart technologies and the internet of things have changed the privacy landscape, partly by the sheer scope of those who need to pay attention now or risk potential regulatory trouble or reputational risk. 

"The need for privacy by design and privacy by default is touching organizations today in a way that it just simply wouldn't have 10 years ago," she said. "It's going almost at a speed of light, so, almost all companies now need to be dealing with these issues in a really holistic and significant way. But particularly if these are newer issues for your organization, there just isn't the ability to ramp up with that internally." She said CPO on Demand aims to offer organizations the experience and specialties the lawyers, eight of them in total, at InfoLawGroup have combined. 

"It's pulling together a lot of what we've been doing for clients for years and years and years, but [CPO on Demand] is a realization that there's a real need for organizations of most, if not all, sizes to pull together more and more privacy compliance," Gottshall said. "Sort of nuts-and-bolts, A-to-Z privacy compliance." 

photo credit: franchiseopportunitiesphotos
via