top of page

GDPR Data Protection Officer (DPO Service)

We take the tasks related to data protection off the organization's shoulders. We carry out the mandatory annual review and help with critical data management tasks, in the event of an incident, we approach the authorities and document the incident. 

Currently, the Data Protection Authority has not yet checked whether an organization that would be obliged to report to the Data Protection Officer has really fulfilled its obligation and reported a person in whose case a conflict of interest does not really arise._cc781905-5cde-3194-bb3b- 136bad5cf58d_


The basic rule is that no Data Protection Officer can be authorized to make decisions in the data management process, i.e. the executive and senior management are excluded.  

This is one of the reasons why it is worth outsourcing the task, it is expected that the Authority will check it. 


The duty of the Data Protection Officer is to check and support the data management of the data subjects within the Organization. 
In this area of responsibility, after preparation, the area where the organization needs the most help is not legal compliance, but rather the organization of the business process and the technical development of IT support.  


During the Data Protection Officer service, Gill & Murry provides assistance to organizations in reorganizing their processes and transforming the IT system so that it meets the requirements of the GDPR. 


As part of the service, we also handle data protection incident management. More about it with our incident management serviceYou can read _cc781905-5cde-3194-bb3b-136bad5cf58d.

Who should appoint a data protection officer?

  • Healthcare providers where more than one doctor is active.

  • Schools, kindergartens.

  • Organizations performing public duties, TV, radio, utilities.

  • Public authorities, municipalities.

  • Organizations where data management activities are carried out on behalf of the above organizations, e.g. according to a delegation agreement.

  • Patient rights associations.

  • All organizations where you have to manage health data in connection with your main activity - with the exception of employment

Who do we recommend?
  • Those who do not have a colleague with appropriate qualifications and experience. 

  • Those whose organization has no one to report to the authority due to a conflict of interest.

  • Also for those who are not obliged to appoint a DPO, but are looking for an experienced partner to support their data management duties.

Regular activities
  • Based on the requirements of the GDPR regulation, we conduct an internal audit once a year.

  • We provide professional advice upon request.

  • We give an opinion on impact assessments.

  • According to the contract, we provide regular on-site appearances.

  • We participate in communication with the Data Protection Authority. 

  • If required, we contact the Data Protection Authority (NAIH).

Flat rate service

As requested by the data controller

  • Low monthly fee and hourly billing, depending on the tasks performed.

  • A fixed hourly rate already included in the monthly fee, which the customer can use freely.

Areas to be investigated by the DPO
  • Documentation of GDPR rules.

  • The operation of the organization - GDPR compliance of data management workflows

  • IT system compliance with GDPR.

Why Gill & Murry?

We provide DPO services for several large data controllers, and as a result, unfortunately, we have a lot of experience in handling suspected incidents and incidents. We understand not only the legal field of the GDPR, but also the IT and process organization fields. 

The experience of handling major incidents has given us the opportunity to learn about the loopholes inherent in the notification process, which we exploit for the benefit of our customers.

bottom of page