South Western Ambulance Services Foundation Trust – Outsourced DPO Services


sector :




GDPR Consultancy Services & SME Advice

The ambulance service engaged us to be their operational GDPR Subject Matter Experts (SME). Using the ICO’s 12 Steps to Compliance as a framework, we developed globalised, organisation specific policy packages and evidence requirements. We delivered tailored training, engaged stakeholders by providing briefings and practical materials (such as Data Subjects’ Fundamental Rights to… decision trees), giving key stakeholders updates on the project plan and information pertaining to ongoing risk-based analysis.

We have delivered the following for the ambulance service:

  • Full suite of policies, plans and templates, including
    • Data Privacy Impact Assessments;
    • Data Security;
    • Training;
    • Privacy Policy/ Retention Schedules;
    • 3rd party Contract Management; and,
    • Consent Management/ Review.
  • Daily policy clarifications, Q&As, support or delivery managers.
  • Development of a business case and plan (including changing implementation demands pre and post May 2018).
  • Development of and leadership of regulatory and internal governance processes.
  • The development of a future target operating model for data management.

After our successful GDPR compliance project delivery, our client engaged us for a further 12 months to provide outsourced Data Protection Officer services. Our client saw significant value for money compared with a full-time member of staff onsite with similar skills to our SME. We are able to offer such value for money by providing only 1-2 days onsite per month whilst providing 24/7 virtual DPO services via our DPAS office. We field all enquiries to relevant, experienced DPOs within our team.

The services we offer to our clients are as follows:

  • Named Data Protection Officer with 20 years’ experience;
  • Named Deputy Data Protection Officer;
  • 24/7 data breach hotline;
  • SME advice daily;
  • 48-hour clarifications log process (for internal enquiries);
  • Advice on and sign off of DPIAs and data subject rights;
  • Ongoing monitoring of compliance to data protection laws relevant to the Industry;
  • Raising awareness of data protection within the Organisations via monthly staff bulletins;
  • Yearly Data Protection Audit;
  • Cooperation with the ICO on behalf of the Organisation;
  • Access to full suite of template policies;
  • 1 Staff Training Day for Managers – CPD accredited foundation GDPR course.

Our client processes extremely high quantities of data, including special category data and are subject to extensive regulatory review.

To view our services in depth, visit our “What We Do” page. If you would like to know more about the training we offer specifically, you can see our upcoming training sessions here.

similar projects

looking for advice?