London – 020 305 68855         Cornwall – 01726 247047


We can be your outsourced Data Protection Officer

Under the GDPR, you must appoint a data protection officer (DPO) if you:

  • are a public authority (except for courts acting in their judicial capacity);
  • carry out large scale systematic monitoring of individuals; or
  • carry out large scale processing of special categories of data or data relating to criminal convictions and offences.


If you need to appoint a DPO and don’t wish to hire a full-time employee, we can be your outsourced DPO for a low monthly fee.

Data Breaches

When you have a data breach, your DPO will drop everything to assist you.

Email Support

If you have a question or need some help, email your DPO for a quick answer.

Phone Support

Need to talk with someone about a data protection issue? Call your DPO for help.


We will send you updates on data protection law as part of the DPO service.

Mobile Number

You will have the mobile number of your DPO in case you have a breach out-of-hours.


Your DPO can come to your location to offer guidance, support and assistance.

Frequently Asked Questions

Most frequent questions and answers

What are the tasks of the DPO?

  • Inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws
  • Provide advice and guidance on data protection issues
  • Monitor compliance with the GDPR and other data protection laws
  • Draft policies and processes
  • Manage internal data protection activities
  • Advise on data protection impact assessments
  • Train staff
  • Conduct internal audits
  • To be the first point of contact for the ICO
  • To be the first point of contact for individuals whose data is processed (employees, customers etc).


Can we allocate the role of DPO to an existing employee?

  • Yes, as long as the professional duties of the employee are compatible with the duties of the DPO and do not lead to a conflict of interests.
  • The DPO cannot hold a position within the organisation that leads him or her to determine the purposes and the means of the processing of personal data.  As a rule of thumb, conflicting positions include senior management positions (such as chief executive, chief operating, chief financial, chief medical officer, head of marketing department, head of Human Resources or head of IT departments) but also other roles lower down in the organisational structure if such positions or roles lead to the determination of purposes and means of processing.
  • You can also contract out the role of DPO externally and we can be your Data Protection Officer.  As a minimum, we only require one contracted hour per month for our data protection officer services.

Does the DPO need specific qualifications?

  • The DPO must have expert knowledge of data protection law and practices.
  • All of our consultants are data protection specialists and experts in the GDPR.

How does the outsourced DPO package work?

  • You pay for a minimum of one hour per month.
  • The name of your DPO goes to the ICO on your behalf.
  • You can use your hour per month how ever you like. The hours do not role over from one month to the next.
  • Additional hours can be invoiced if required.
Sapphire Consulting Group Ltd is a limited company registered in England and Wales.

Registration number: 10427754. Registered office: Central Point, Beech Street, London EC2Y 8AD.

VAT Registration number: 285986235