
Data Protection Officer salary: costs for an external or internal DPO

For many companies, appointing a data protection officer (DPO) is a mandatory step and one that entails a bevy of questions, not least of which pertains to the financial burden involved. But how justified is this concern? How will a data protection officer affect your bottom line? In this article, we’ll take a closer look.

What a data protection officer will cost your company depends on a number of factors, among them the model you decide to follow. Costs for outsourced DPO services can be as little as £60 a month, depending on the size of your company, your data protection requirements, and the DPO service provider’s options. Many cheaper service providers only offer to act as your officially named DPO, with no further (consulting) services. A good rule of thumb: outsourcing the DPO role to an external provider incurs lower costs than appointing an internal staff member.

The facts in a nutshell

  • The costs of an external DPO depend largely on the size of your company, the type of business activities you perform as well as the industry in which you’re active.
  • Employing an internal DPO will cost you; the average UK salary for a data protection officer was over £42K in 2021, with entry level positions costing your company as much as £2.5K a month.
  • If the advice given results in damages or fines, an external DPO is liable for the losses.
  • All this means an external DPO is most often the cheaper and more efficient choice.

Data Protection Officer salary: What does an external DPO cost?







| | Retail, workshop, hospitality, skilled trades | Ad agencies, travel, tourism, physicians, industry, attorneys, e-commerce | Attorneys, e-commerce, finance, staffing agencies, software solutions |
|---|---|---|---|
| Number of employees | Less than 20 | 20 to 100 | 100 and above |
| Personal data | Seldom processed | Frequently processed | Processing is a core activity |
| Monthly fee | £175 to £375 | £500 to £900 | £1,000 + |

*The numbers from the table above are based on DataGuard’s pricing model.

Please note: The above chart is meant to serve SMEs as a starting point for cost estimation. Companies with several thousand employees can expect significantly higher figures. The above chart doesn’t include additional consultation services that might be required, e.g., in the event of security incidents.


Is your business not really represented in this chart? You can easily calculate your estimated individual costs for external DPO services with our price calculator. Just follow this link.

Appointing a DPO usually starts with an extensive audit. This cost will also vary depending on the factors mentioned above but would typically start at around £950.

What happens in a data privacy audit? You will find the answer in this blog article: What is a data privacy audit?

Pricing models of external DPO services

The term “external data protection officer” can refer to different DPO models with varying services and costs. Here is an overview of the most common types:


| | Data protection consultant | External DPO | Hybrid model |
|---|---|---|---|
| | Often law firms or IT experts with the relevant training | Software solutions with remote DPO | A combination of software and a team of fully qualified lawyers and data protection consultants |
| | Can be appointed as an external DPO; Comprehensive guidance; Support in implementing data protection measures; Law firms handle any legal disputes | Can be appointed as external DPO; Low level of guidance and additional services; Merely meets the minimum legal requirement of appointing a DPO | Can be appointed as external DPO; Comprehensive guidance; Support in implementing data protection measures; User-friendly software with all agreements and documents; In some cases, handling of any legal disputes |
| Pricing model | Often an hourly fee (on average between £175 and £500); Additional fixed monthly fee for DPO appointment | Fixed monthly fee | Fixed monthly fee; Fixed number of consultation hours; Additional consultation on hourly basis |
| Monthly costs for SMEs (on average) | Many DPO service providers only quote by the day, which means the costs can get pretty high. Usually, costs for a data protection consultant vary between £1,000 and £2,000 per day, including a one-time audit. | £50 to £500 | £175 - £1,000 + |


Hybrid service providers offer an excellent price-performance ratio, especially for SMEs. Hybrid models incur significantly lower costs than law firms, but the guidance and support provided are equivalent. Unlike with a single external DPO, you will also benefit from having a professional team at your side that can offer competent assistance in all matters related to data protection. At the same time, state-of-the-art approaches mean the support you receive is maximised for efficiency, e.g., through automated processes. This gives you strong guidance whilst lowering costs.

At DataGuard, our 150 plus employees take a software-assisted approach to handling all data protection matters for over 3,000 companies – it’s more than a job, it’s our passion. With monthly costs of between £175 and £900, our SME customers benefit from extensive data protection guidance in addition to having an external DPO.



Data Protection Officer salary: How expensive is an internal data protection officer?

Must my company opt for an external DPO? Not necessarily. You might appoint a company employee as your internal data protection officer, provided the individual has the relevant qualifications. But this solution includes its own financial considerations.

An internal or external DPO?

If you’re still not sure whether an internal or an external DPO is right for you, read on to learn more about each model in depth.

  • Working hours as the DPO: The hours during which your employee is active as your company’s DPO will detract from the time they can invest in their principal duties, potentially affecting their contributions to value creation. This means that an internal data protection officer becomes more expensive the more time they spend on those duties.
  • Increased salary: Appointing a staff member as your DPO and the additional qualifications required for the job will entitle your employee to a rise in salary.
  • DPO training: The less qualified your employee is for the job, the greater the costs for training as a data protection officer will be.

You can find a detailed comparison of the internal and external DPO solutions in this article.  

Cost comparison: Internal and external DPO

The following figures compare the annual costs for an internal versus an external DPO, using a business with low to medium data protection requirements as an example, e.g., a carpenter, a hotel, or an advertising agency. The DataGuard pricing model was used to calculate the costs for an external DPO in the London area (hybrid model).


| | Part-time DPO | External DPO |
|---|---|---|
| Working hours | 20 % | 100 % |
| Employee’s annual salary | | |
| Proportion of salary for DPO | | |
| 20% non-wage labour costs | | (19 % VAT) |
| DPO training | | |
| Travel expenses (e.g. through training) | | |
| Fixed fee | | |
| Total annual costs | | |




One more thing: Your business will incur additional costs, starting at £2,000, for training and certification before your employee can commence activities as your internal DPO.

How a DPO can save you money in the event of a data breach

True, outsourcing a data protection officer is not free, but it will pay off for your business, and quickly! On the one hand, having the professional advice of your DPO will help prevent potential GDPR fines that would easily dwarf the expense of outsourcing data protection. On the other hand, an external DPO is liable for losses in the event of a data breach because of insufficient advice. 

GDPR fines

Article 83 of the GDPR stipulates that companies may be fined 10 million EUR or up to 2 per cent of annual turnover for minor data protection infringements. Serious violations are subject to fines twice as high. You will be able to learn more about GDPR fines for small businesses here.


Appointing a data protection officer need not empty your company’s coffers – especially if you go with an external DPO solution. You can benefit from hybrid solutions that combine software and remote DPOs for less than the cost of an internal DPO. Approaches like this guarantee your business will have the highly qualified professional guidance and legal security you need without paying a lawyer exorbitant fees to do the job.

DataGuard’s Privacy-as-a-Service solution combines the best of both worlds: support from privacy experts plus a web-based privacy platform. Get in touch with one of our experts today:

Book an appointment



About the author

Ren Watson

As a results-focussed analyst, Ren has worked in many industries including finance, charity and start-ups and became interested in data protection as a focus over the last decade. Using her analyst skills alongside her data protection expertise, she has consulted with charity, media and energy companies to understand their data protection requirements and has provided guidance and support for implementation of multiple privacy programmes. Today, she provides multi-functional support and awareness within DataGuard and to clients to promote privacy beyond compliance.
