External data protection officer costs: Save on wages and training costs

Every company must appoint someone as a contact person for data protection issues. As soon as factors such as the business model, the type of data processing or the company size require it, SMEs must also appoint a data protection officer (DPO) with the necessary specialist knowledge. As a rule, it is not a problem for corporations to assign an employee solely to data protection without giving them any other task in the company. Small and medium-sized enterprises (SMEs) cannot afford this. In small companies, it is important to build customer loyalty and maintain it in the long term. The handling of personal data is therefore an increasingly critical aspect of commercial activity. Business customers and consumers have now realized that negligent handling of customer data can harm them personally: cybercriminals use stolen data to make illegal purchases at the expense of the victims.

How much does an external data protection officer cost?

An external data protection officer (eDPO) costs from £150 per month. Additional costs arise from industry-specific extra work or materials that the company needs, for example because some companies run an integrated management system that takes both ISO 27001 and the EU GDPR into account. On the other hand, an internal data protection officer would cost at least £4,000 in wages.

Digital transformation has modernized processes in companies and authorities. However, not everything has gotten better. The groundwork was often neglected, and data breaches were practically invited. To this day, hackers and cybercriminals have repeatedly been able to break into British companies. The damage and fines can be limited, but customer trust cannot be bought. Do companies need more motivation to protect critical data? We find this motivation in the competitive advantage of certified data protection and certified information security according to ISO 27001.

Frequently asked questions about the costs of an external DPO

Data protection officers without additional specialist knowledge (e.g. as a cyber security expert or lawyer) start with a comparatively low annual gross salary of GBP 26,000. The average salary is around £33,000. In corporate settings, a DPO receives an annual salary of between £49,000 and £79,000.

A data protection officer becomes mandatory if at least 20 employees are constantly involved in the automated processing of personal data. In special cases, companies with five or more employees must appoint a data protection officer.

Many companies still do not have a data protection officer. Management usually points to tax audits that take place every 30 years. Therefore, they do not expect any scrutiny from regulators. However, violating this obligation constitutes an administrative offense that can be punished with a fine of up to €10 million or 2% of annual worldwide turnover.

Training to become a certified data protection officer costs between £3,000 and £8,000. The training lasts 10 days of face-to-face teaching.

According to Art. 37(1)(a) GDPR, the controller and the processor must in any case appoint a data protection officer if the processing is carried out by an authority or public body.

An employed data protection officer (DPO) enjoys special protection against dismissal: ordinary termination is excluded for data protection officers. Even after their work as a DPO has ended, they may not be dismissed by ordinary notice for one year. This is why SMEs tend to hire an external data protection officer instead.