Kroll, the risk mitigation and investigative consultancy, has launched Data Protection Officer (DPO) Consultancy Services ahead of the introduction of the European Union General Data Protection Regulation (GDPR) on May 25. Kroll says that its DPO Consultancy Services are an expansion of its global Cyber Security and Investigations offering and are being provided with data privacy law firms.
The services are aimed at diverse industries becoming and staying compliant with the new data protection rules, in particular Article 37 of the GDPR which makes the appointment of a DPO mandatory for various organisations of any size processing large volumes of data or collecting and processing special categories of data. According to the consultants, the mandatory DPO appointment is potentially problematic as the requirements and responsibilities of the position outnumber the skill set and qualifications of most information security, compliance, and privacy professionals available. The DPO is tasked with not only managing education and training as related to GDPR mandates for data processing, but also for conducting security audits and serving as a point of contact for government officials.
The GDPR will apply to EU companies, multinationals with employees or customers in the EU, and companies outside the EU who are offering services to EU persons or monitoring EU residents’ behaviour in the EU. Non-compliance for violations of GDPR could be sanctioned with fines as high as 4pc of annual global revenue or 20 million euros.
Andrew Beckett, Managing Director and EMEA Cyber Leader, Kroll, said: “The role of the Data Protection Officer carries a greater breadth of responsibility than just one individual can support in many cases, charged with overseeing a host of data privacy and security processes and controls intended to comply with the new GDPR requirements. Likewise, starting up and implementing a true DPO programme will require time, knowledge, and resources that many organisations simply do not have. This is why Kroll has launched DPO Consultancy Services: to give our clients timely access to both technical and legal expertise so they have a team of highly experienced specialists working for them, not solely one individual.”