Blue page with many words relating to data protection including a prominent GDPR

Data Protection Officer / Senior Responsible Individual

What is it about?

This title of DPO is expected to disappear when the Data Protection and Digital Information Bill (DPDI) is enacted. The new legislation will create the successor role of Senior Responsible Individual (SRI).

Only a minority of organisations were required to appoint DPOs under the Data Protection Act, whilst under the DPDI it will be mandatory in fewer situations. Nevertheless it is common for organisations which take Data Protection seriously to make a voluntary appointment. External DPO/SRIs such as Exigia can plug knowledge and skills gaps and provide much needed independent judgement.

How hard can it be?

  • Data Protection is complicated and ever changing
  • Getting it wrong can lead to serious consequences such as loss of business and even heavy regulatory fines
  • Legislation isn’t the only consideration; standards, technology changes and sector practices need to be taken into account
  • Internal management are inevitably busy, focused elsewhere and cannot be expected to be as independent as an external advisor


How can we help?

We can really make a difference with

  • Audit and review of process and documents
  • Briefing papers and reports
  • Assessing new programmes
  • Risk assessments
  • Data Protection Impact Assessments (DPIAs)
  • Legitimate Interest, Transfer Risk and other assessments
  • Incident handling
  • Acting as a point of contact with data subjects for access and data rights requests
  • Dealing with the Information Commissioner’s Office
If you would value the independent view and advice that only an external DPO or SRI can provide
contact us to discuss Exigia becoming your DPO/SRI
We are only a click or two away
Skip to content