Your Business may need a DPO or a CISO!

The introduction of the GDPR has seen the creation of a role for a Data Protection Officer (DPO) if your organisation processes certain types or volumes of data. The shortage of skills in cyber security has made good CISOs a rare commodity.

Not all organisations need a DPO or CISO; however, the skills and knowledge brought by a DPO and CISO can bring both cost reductions and greater compliance. Many organisations cannot afford a DPO or CISO full time, but using DPO or CISO as a service is cost effective and brings many advantages to you.

Data protection and compliance requirements are increasing and if you want to trade globally, there are many different rules and regulations and you need assistance to be on the right side of the law.

Many organisations do not know where to start or cannot afford full-time DPO or CISO expertise internally due to skills shortages and costs; in many cases it is not cost effective or efficient to have an internal resource. By outsourcing these functions, you have a DPO or CISO available and get the benefits of both knowledge and cost reduction.

The Benefits Realised

  • Data protection and security compliance skills when you need them;
  • Trusted advisors who can help with your compliance roadmap, ensuring investments provide maximum value and return, closing current and future compliance gaps;
  • Reduced costs associated with full time data protection or security staff;
  • Independent advisor, providing balanced views and impartial advice;
  • Allows companies to focus on core skills rather than data protection or security;
  • Demonstration to customers and Supervisory Authorities of your commitment to data protection and information security;
  • Assistance in the event of a data breach or other mandatory requirements that involve data subjects, customers or Supervisory Authorities;
  • Cross functional advice, bringing together a holistic view on data protection and your organisation's culture, enabling change for the good.

How Excis Can Help

Excis can provide you with DPOs and CISOs who have many years’ experience across different industries, technologies and sectors. For instance, the approach taken by each DPO is cross functional and begins with a risk assessment to discover any potential gaps. After review, the gaps are presented back to you and a strategy for closing or managing them is derived and agreed. The required levels of support based upon your needs and capabilities are determined and a framework for delivery is put in place. Excis can offer a one-off bespoke service as a part of the DPO or CISO service or, if you have a specific requirement that needs a DPO or CISO for a short period, we can also provide someone to assist.

When you engage with Excis we will explain our processes as they are specific to your needs and we aim to be efficient and to bring you the maximum benefits quickly. Typically, we can determine your needs and guide you through your journey after the initial assessment. We will identify key issues, provide expert advice and recommendations to address any challenges that you may face or requirements that you may have.

Areas where we provided support include:

  • Risk and Compliance Gap Analysis, Data Process and Flow Mapping,
  • Privacy, Security Policy Review and Development,
  • Data protection impact assessment (DPIA),
  • GDPR and Security Awareness Training and Bespoke Syllabus Development,
  • Data Protection and Security Audit,
  • Privacy by Design, Covering Software, Hardware or Services;
  • Breach Response Process Creation, response training and management,
  • Subject Access Request (SAR) Management,
  • Data Protection, Transfer Agreements and standard contractual clauses,
  • Supplier and Customer Contract Reviews to assure compliance / assess gaps with applicable law,
  • Advisory Services on Data Protection in specific industries or countries,
  • Cloud Data Protection, including selection, review and contracting, ongoing surveillance and audit,
  • Liaison with Supervisory Authorities, customers and supply chain in the event of breach,
  • Prior consultation with Supervisory Authorities or customers where products, services or platforms require prior approval before implementation.

Please email: or call +44 (0) 1622 926 312 for more information.