DPO and Privacy Outsourcing

A total approach

We are focused on making sure that our clients, not only are fully compliant, but are also managing data in a way that aligns with the fourth industrial revolution and the future data rights of individuals. Our approach is centred on our risk mitigation pathway model, which starts with looking at your communications, culture, business process and IT systems, thus rendering insurance and dispute resolution your last resort.

This approach is total; starting with training and education, we want our clients to remain ahead of the legislative curve. Our training is aimed at showing how you can add substantial value to your clients by understanding and empathising with individuals and their data rights, including Erasure, Portability and Accuracy.

If you still need to implement GDPR compliance, we can pick up the project from any point and elevate it to a high degree of compliance and therefore relieve you from the regulatory burden so you can focus on what really matters.

If you want an expert to monitor your systems on a regular basis, we can provide you with any of our highly skilled Data Protection Officers, who are ready to take on that responsibility for you.


There is a lot of preparation to be done before the GDPR Data Protection Laws come into force on May 25th. Amongst others, you have to document every process which you undertake that involves personal data, identify all the types of data, the legal basis for holding it, the duration of its retention, and document the measures you take to make it secure. Thinking of not utilising our Data Protection Officers? You might have to reconsider…

The Data Protection Officer has to have particular skills and attributes and a particular position in your organisation:

  • He will have to be invited to participate regularly in meetings of senior and middle management and his counsel on data protection must be given due weight;
  • He must be given the time, resources and training required to carry out his tasks and maintain his expert knowledge;
  • He must be able to perform his duties in an independent manner without being subject to instructions;
  • There can be no conflict of interest. Towards that end, he cannot hold any position whatsoever within your organisation which leads him to determine the purposes and means of processing personal data;
  • He cannot be dismissed or penalised for performing his tasks, including absence or delay in promotion or other benefits as well as dismissal.
  • Data protection compliance is a corporate responsibility of the data controller, not of the DPO.

We understand that this is a very difficult appointment to make. 

But help is at hand –

The Article 29 Working Party Guidelines on Data Protection Officers (“DPOs”) outlines how the function of the DPO can “be exercised on the basis of a service contract concluded with an individual or organisation outside the controller’s/processor’s organisation”

WP29 states that in such an arrangement “individual skills and strengths can be combined so that several individuals, working in a team, may more effectively serve their clients

We at tlam agree

The Working Party recommends that in this case there should be a clear allocation of tasks within the DPO team with a lead contact and person in charge assigned to each client.

We at tlam agree

Having more than 10 years of experience of working for Law Firms, we are in position to take away the headache of appointing a suitable DPO by undertaking this role for you in an effective and cost efficient way.