Virtual DPO & CISO

Virtual Information Security and Data Protection

Your Virtual CISO: taking care of data security compliance

Like DPOs, Chief Information Security Officers (CISOs) are in high demand, and can be expensive, thanks to the recent changes to data legislation. The CISO is expected to anticipate data breaches, security risks and any new threats, and to attempt to prevent them from occurring. They liaise with all the company’s departments to ensure that data privacy and security systems are operating properly to limit the company’s operational risks.

They are also expected to undertake employee security awareness training, to establish secure business and communication practices, to procure appropriate security products and to ensure that the company is compliant with current rules and regulations.

As with our Virtual DPO service, CARG can ensure that your company remains compliant with the regulations and discuss the resource level your company requires within an agreed monthly budget.

PECR: the regulations that govern your electronic marketing communications

The recent obsession with GDPR has obscured the fact that a substantial share of marketing activity isn't governed solely by GDPR. An earlier piece of legislation known as the Privacy and Electronic Communications Regulations (PECR) governs most forms of electronic marketing, i.e. by telephone, email, SMS or any other means of electronic mail.

In terms of processing data, PECR, which has actually been in place since 2003, dictates the types of communication you can send. It determines what kind of marketing emails you can send to customers, whether or not you can still use soft opt-in and how and when you are entitled to use data lists purchased from third parties.

CARG's Virtual DPO services cover GDPR, PECR and any other regulations as and when they come into force or are updated. It's our job to maintain an awareness of prevailing legislation, all within our agreed budget.

Helping organisations meet their GDPR and PECR obligations

In light of the biggest change to data protection practice in 20 years, the General Data Protection Regulation (GDPR), which came into force in May 2018, organisations like yours are expected to appoint a Data Protection Officer (DPO) who has knowledge of data protection law and the tasks required.

While failure to do this may expose companies to regulatory risk and possible litigation, not everyone can afford to appoint an individual with the right skills and expertise.

However, organisations are allowed to appoint a Data Protection Officer on a contract basis. Our Virtual DPO service can ensure that your company remains compliant with the regulations, and we can discuss the resource level your company requires within an agreed monthly budget.