Virtual Data Protection Officer
Service
Expert, accessible DPO support. All the benefits of a senior data protection specialist, without the cost of an in-house appointment.
Services > Virtual Data Protection Officer
WHAT IS A vDPO?
Included
- Named DPO contact for your organisation
- Direct phone and email access to you DPO
- ICO registration support and maintenance
- Data breach triage, notification advice and ICO reporting support
- Subject access request (SAR) advice and response support
- Annual data protection review and policy refresh
- Staff queries and first-line compliance advice
- Liaison with the ICO on your behalf where required
- Regulatory monitoring, keeping you informed of relevant changes
Outsourced DPO expertise
Under UK GDPR, certain organisations are required to appoint a Data Protection Officer. Others, including many SMEs, benefit from having DPO-level expertise available even when it is not strictly mandatory. Appointing a full-time DPO is rarely cost-effective at the SME level. A contracted virtual DPO (vDPO) solves this.
Cadarn's vDPO service places Richard Davies in your corner as a named, accessible data protection specialist. You can contact him directly, not a helpdesk or shared inbox and receive the same quality of advice available to much larger organisations.
Important: UK GDPR requires that a DPO is independent, has expert knowledge of data protection law, and is given the resources to carry out their tasks. An outsourced vDPO arrangement meets these requirements where structured correctly and Cadarn ensures it is.
These services are available on a fixed-fee basis and are commonly commissioned as part of an initial engagement or on an ad-hoc basis during a contract.
Available alongside your contracted service
ADDITIONAL SERVICES
UK GDPR Compliance Audit
A comprehensive review of your data protection practices against UK GDPR requirements. Includes gap analysis and a written report with prioritised, actionable recommendations.
Data Protection Impact Assessment (DPIA)
Required for high-risk processing activities. We conduct or review DPIAs to ensure your organisation meets its obligations before proceeding with new data processing.
Data Processing Agreements
Review and preparation of data processing agreements (DPAs) with third-party suppliers and processors to ensure your contractual obligations are met.
Emergency Breach Response
Out-of-hours emergency support for serious data breaches where immediate advice and ICO notification decisions are required within the 72-hour window.
UK GDPR Compliance Audit
A comprehensive review of your data protection practices against UK GDPR requirements. Includes gap analysis and a written report with prioritised, actionable recommendations.
Privacy Notices & Documentation
Drafting and review of privacy notices, records of processing activities (RoPA), data retention schedules, and other required documentation.
vDPO Essentials
For smaller SMEs and organisations with lower-risk data processing needs.
£450 / month
6-month minimum term · billed monthly in advance
✓Named DPO contact
✓Direct phone and email access
✓Breach and SAR advice
✓Annual policy review
✓ICO registration support
vDPO Standard
For organisations with more active data processing, regular queries, or ongoing compliance projects.
£750 / month
6-month minimum term · billed monthly in advance
✓Everything in Essentials
✓Higher advisory hours allowance
✓Proactive compliance monitoring
✓Document drafting and review
✓Priority response to urgent queries
School Complete
For organisations undergoing significant change, implementing new systems, or with complex processing requirements.
£1,100 / month
6-month minimum term · billed monthly in advance
✓Everything in Standard
✓DPIA Support included
✓Quarterly compliance reviews
PRICING
Transparent, fixed-fee packages
All retainer pricing is fixed monthly. There are no hidden charges or unpredictable time-based billing so you know exactly what you are paying and what you receive.
All prices exclude VAT. Overage advisory time billed at £150/hour. Emergency out-of-hours breach triage available at a fixed fee,contact us for details.
COMMON QUESTIONS
Does my organisation need to appoint a DPO?
Under UK GDPR, you are required to appoint a DPO if you are a public authority, carry out large-scale systematic monitoring of individuals, or process special category data on a large scale. Even where it is not mandatory, many SMEs benefit from having DPO-level support available especially if they handle sensitive customer or employee data regularly.
Can an outsourced DPO fulfil the legal requirements?
Yes. UK GDPR explicitly permits the DPO function to be fulfilled by an external service provider. The DPO must be independent, have appropriate expertise, and be given the resources to carry out their tasks. Cadarn structures all retainer arrangements to meet these requirements.
What happens if we have a data breach?
You contact Richard directly. We assess the breach together, advise on whether ICO notification is required within the 72-hour window, help you prepare the notification if needed, and support any internal communications. Emergency out-of-hours support is available for serious incidents.
How is the contracted service different from just paying for ad-hoc advice?
A service provides continuity, Richard understands your organisation, your data, and your risk profile. This means faster, more relevant advice, proactive support as your needs change, and the ability to act as your named DPO with the ICO.
Ready to get your data protection right?
Start with a free, no-obligation conversation. We'll talk through your organisation, your data, and whether a vDPO retainer is the right fit.