Our DPO-As-Service Offers Following Activities To Keep You Compliant

Inform & Advice

Inform & Advice the controller or the processor and the employees who carry out processing of their obligations pursuant to the Regulation

Monitor Compliance

Monitor Compliance with GDPR and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits

Provide advice

Provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35


Cooperate with Supervisory Authorities

Act as the contact point for the Supervisory Authority

Act as the contact point for the Supervisory Authority on issues relating to processing, including the prior consultation referred to in Article 36

Will give proper consideration to the risk

- Will give proper consideration to the risk The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.

In addition to above following activities will be performed to keep you compliant with ISO 27701:2019 standard

  • PII Processing: Inform top level management and employees of the organization of their obligation with respect to the processing of PII.
  • DPIA: Provide advice in respect of privacy impact assessments conducted by the organization.
  • Management of Issues: Be involved in the management of all issues which relate to the processing of PII using eGRC tool.


Our Certified Data Protection Officer (CDPO) can take care your regulatory requirement of GDPR

Privacy of personal data is becoming a responsibility of every organization. Every country is recognizing this and introducing data privacy acts. Canada introduced PIPEDA in 2007 and EU made GDPR mandatory from 25th May 2018. Under Article 37 of GDPR the data protection officer is a mandatory role for all companies that control or process EU citizens' personal data. The Controller and the Processor are required to designate a DPO if they are processing information of a data subject


DPOs are responsible for educating the company and its employees about compliance, training staff involved in data processing, and conducting regular security audits. DPO is part of the leadership and responsible for informing and advising the management and employees of their obligations as required by GDPR and other data privacy acts. As per Article 39 of GDPR specific tasks are defined for DPOs.

ISO anticipated that other countries/ states will follow the lead from EU and will come with their own Data Privacy Act like for example, State of California introduced the California Consumer Protection Act (CCPA). Similarly, other countries are planning to implement their own acts. Brazil has come up with Brazilian General Data Protection Law (LGPD), India is ready to implement India Personal Data Protection Bill, Chilean Constitution established protection of personal data as a constitutional right. New Zealand Privacy Bill was introduced in July 2019 and so on. ISO introduced ISO 27701:2019 aka Privacy Information Management System (PMIS) to help organizations to be compliant with such data privacy acts

Why DPO as services?

It is not possible for the small-medium sized companies to afford a full time DPO. Typically, small-medium sized company does not always require a full time DPO as they do not require a big infrastructure and a big compliance program to meet the day-to-day requirements.

PMG has highly experienced industry experts, certified as:

Certified Data Protection Officer (CDPO) from PECB/ CIPP
Lead Implementor of BS 10012
ISO 27701 Lead Auditor

Our experts have helped multiple clients in performing gap analysis for GDPR/ CCPA and also for ISO 27701. They will meet the requirements of GDPR and also of Clause of ISO 27701.