Last Updated: November 2017

As the deadline for the implementation of the GDPR nears, many if not most companies outside those early starters have not yet filled their DPO role as required under the new regulation. There are essential job skills and appropriated profession to fill such roles, as discussed in earlier articles on the topic. With the limited quantities of qualified and experienced DPOs insufficient to meet the market demand, there will be a hurried rush to reserve any available resources for dedicated use. For everyone else, they will most likely need to outsource their DPO role, as allowed by the GDPR using a services contract. In this series, Thomas Shaw offers insight on the process of hiring and contracting an outsourced DPO and what the job entails.

Outsourcing your DPO: Questions to ask
Here's what controllers need to know before contracting with a DPO outsourcing firm as well as some questions to ask a potential DPO before selecting a candidate.

How to contract with your outsourced DPO
If an organization has decided on outsourcing the DPO role and selected its DPO based on their skills for the role, an agreement must be reached on a services contract. This involves certain legal considerations important to the parties, addressing DPO-specific issues that may arise and determining the types of outsourced DPO services desired.

Outsourcing your DPO: real-life scenarios
If you're contracting with an outsourced DPO, there are plenty of boxes to check during the hiring process. But once completed, the DPO will have a list of their own to conquer. Here are some things to consider.