
For many companies, appointing a data protection officer (DPO) is a mandatory step and one that entails a bevy of questions, not least of which pertains to the financial burden involved. But how justified is this concern? How will a data protection officer affect your bottom line? In this article, we’ll take a closer look.

What a data protection officer will cost your company depends on a number of factors, among them the model you decide to follow. Costs for outsourced DPO services can run as low as £60 a month. This will depend on the size of your company, your data protection requirements, and the DPO service provider’s options. Many cheaper service providers only offer to act as your officially announced DPO, with no further (consulting) services. But a good rule of thumb is: outsourcing the DPO role to an external provider incurs lower costs than appointing an internal staff member.

The facts in a nutshell

  • The costs of an external DPO depend largely on the size of your company, the type of business activities you perform as well as the industry in which you’re active.
  • Employing an internal DPO will cost you: the average UK salary for a data protection officer was over £42K in 2021, with entry-level positions costing your company as much as £2.5K a month.
  • If the advice given results in damages or fines, an external DPO is liable for the losses.
  • All this means an external DPO is most often the cheaper and more efficient choice.

 


 

Data Protection Officer salary: What does an external DPO cost?

 

 

| | Low | Medium | High |
|---|---|---|---|
| Industry | Retail, workshop, hospitality, skilled trades | Ad agencies, travel, tourism, physicians, industry, attorneys, e-commerce | Attorneys, e-commerce, finance, staffing agencies, software solutions |
| Number of employees | Less than 20 | 20 to 100 | 100 and above |
| Personal data | Seldom processed | Frequently processed | Processing is a core activity |
| Monthly fee | £175 to £375 | £500 to £900 | £1,000 + |

*The numbers from the table above are based on DataGuard’s pricing model.

Please note: The above chart is meant to serve SMEs as a starting point for cost estimation. Companies with several thousand employees can expect significantly higher figures. The above chart doesn’t include additional consultation services that might be required, e.g., in the event of security incidents.

 

Is your business not really represented in this chart? You can easily calculate your estimated individual costs for external DPO services with our price calculator. Just follow this link.

 

Appointing a DPO usually starts with an extensive audit. This cost will also vary depending on the factors mentioned above but would typically start at around £950.

What happens in a data privacy audit? You will find the answer in this blog article: What is a data privacy audit?

 

Pricing models of external DPO services

The term “external data protection officer” can refer to different DPO models with varying services and costs. Here is an overview of the most common types:

 

| | Data protection consultant | External DPO | Hybrid model |
|---|---|---|---|
| Provider | Often law firms or IT experts with the relevant training | Software solutions with remote DPO | A combination of software and a team of fully qualified lawyers and data protection consultants |
| Services | Can be appointed as an external DPO; Comprehensive guidance; Support in implementing data protection measures; Law firms handle any legal disputes | Can be appointed as external DPO; Low level of guidance and additional services; Merely meets the minimum legal requirement of appointing a DPO | Can be appointed as external DPO; Comprehensive guidance; Support in implementing data protection measures; User-friendly software with all agreements and documents; In some cases, handling of any legal disputes |
| Pricing model | Often an hourly fee (on average between £175 and £500); Additional fixed monthly fee for DPO appointment | Fixed monthly fee | Fixed monthly fee; Fixed number of consultation hours; Additional consultation on hourly basis |
| Monthly costs for SMEs (on average) | Many DPO service providers only quote by the day, which means the costs can get pretty high. Usually costs for a data protection consultant vary between £1,000 and £2,000 per day, including a one-time audit. | £50 to £500 | £175 - £1,000 + |

 

Hybrid service providers offer an excellent price-performance ratio, especially for SMEs. Hybrid models incur significantly lower costs than law firms, but the guidance and support they provide is equivalent. Unlike with a single external DPO, you will also benefit from having a professional team at your side that can offer competent assistance in all matters related to data protection. At the same time, state-of-the-art approaches, e.g., automated processes, mean the support you receive is as efficient as possible. This gives you strong guidance whilst lowering costs.

At DataGuard, our 150-plus employees take a software-assisted approach to handling all data protection matters for over 3,000 companies – it’s more than a job, it’s our passion. With monthly costs of between £175 and £900, our SME customers benefit from extensive data protection guidance in addition to having an external DPO.

By the way: Did you know that an initial consultation with DataGuard is free of charge? Just schedule an appointment with us.


 

Data Protection Officer salary: How expensive is an internal data protection officer?

Must my company opt for an external DPO? Not necessarily. You might appoint a company employee as your internal data protection officer, provided the individual has the relevant qualifications. But this solution includes its own financial considerations.

 

An internal or external DPO?

If you’re still not sure whether an internal or an external DPO is right for you, read on to learn more about each model in depth.

  • Working hours as the DPO: The hours during which your employee is active as your company’s DPO will detract from the time they can invest in their principal duties, potentially affecting their contributions to value creation. This means that an internal data protection officer becomes more expensive the more time they spend on those duties.
  • Increased salary: Appointing a staff member as your DPO and the additional qualifications required for the job will entitle your employee to a rise in salary.
  • DPO training: The less qualified your employee is for the job, the greater the costs for training as a data protection officer will be.

You can find a detailed comparison of the internal and external DPO solutions in this article.  

Cost comparison: Internal and external DPO

The following figures compare the annual costs for an internal versus an external DPO, using a business with low to medium data protection requirements as an example, e.g., a carpenter, a hotel, or an advertising agency. The DataGuard pricing model was used to calculate the costs for an external DPO in the London area (hybrid model).

 

| Costs | Part-time DPO | External DPO |
|---|---|---|
| Working hours | 20 % | 100 % |
| Employee’s annual salary | £56,600* | - |
| Proportion of salary for DPO | £11,320 | - |
| 20% non-wage labour costs | £2,264 | (19 % VAT) |
| DPO training | £1,000 | £0 |
| Travel expenses (e.g. through training) | £500 | £0 |
| Fixed fee | - | £2,100 |
| Total annual costs | £15,084 | £2,100 |

 

One more thing: Your business will incur additional costs, starting at £2,000, for training and certification before your employee can commence activities as your internal DPO.

 

How a DPO can save you money in the event of a data breach

True, outsourcing a data protection officer is not free, but it will pay off for your business, and quickly! On the one hand, having the professional advice of your DPO will help prevent potential GDPR fines that would easily dwarf the expense of outsourcing data protection. On the other hand, an external DPO is liable for losses in the event of a data breach caused by insufficient advice.

GDPR fines

Article 83 of the GDPR stipulates that companies may be fined 10 million EUR or up to 2 per cent of annual turnover for minor data protection infringements. Serious violations are subject to fines twice as high.

 

Conclusion

Appointing a data protection officer need not empty your company’s coffers – especially if you go with an external DPO solution. You can benefit from hybrid solutions that combine software and remote DPOs for less than the cost of an internal DPO. Approaches like this guarantee your business will have the highly qualified professional guidance and legal security you need without paying a lawyer an exorbitant fee to do the job.
