For organizations that are subject to the EU General Data Protection Regulation (GDPR), appointing a Data Protection Officer (DPO) is often one of the greatest challenges they will face in complying with the law.

On top of GDPR, companies conducting any international business may also need to comply with a host of data privacy regulations from around the world. Many countries outside the U.K. and Europe – including the United States, Canada, and Australia – have data privacy laws that, like the GDPR, require covered entities to appoint someone who must essentially act as a full-time privacy and security officer.

These positions are difficult to fill in-house, even for large companies. In many cases – depending on the applicable law – a DPO’s required duties cannot be performed by a single individual. Kroll has the experience, expertise and resources to help.

In partnership with leading data privacy law firms, we offer DPO consultancy services to help clients become and stay compliant with GDPR and other data privacy laws and regulations.

Tactical and Strategic Support to Build Your DPO Program

Kroll’s technical and legal experts can help companies quickly set up and maintain a compliant DPO program. Members of our team not only have decades of experience and expertise in data privacy and security, they are also well versed in cyber risk assessments and investigations on a global scale.

Working with our experts allows companies to expand their capabilities in a way that aligns technology and operations decision-making with data privacy standards and best practices while also improving their overall cyber resiliency.

Typical DPO Duties Under Data Privacy Regulations, Including GDPR
Kroll’s DPO Consultancy Support
(In partnership with leading data privacy law firms)
  • Monitor both the company’s compliance with relevant data privacy rules and data privacy risks that arise from its activities
  • Inform and advise management and all relevant employees of their obligations under relevant data privacy and security laws
  • Recommend assessment action plans to identify gaps in regulatory compliance, including compiling and maintaining any mandated documentation or audit trails
  • Raise awareness within the organization of how data privacy laws affect data processing requirements
  • Ensure all covered employees are trained on data processing requirements
  • Promote data privacy awareness within the client company, including customized training for all personnel, from front-line employees to board members
  • Conduct data protection impact assessments
  • Advise clients about the risks arising from data processing activities
  • Create an operational roadmap and maturity model for the client’s organization
  • Perform data protection impact assessments and provide any needed risk-mitigation recommendations
  • Maintain records of processing
  • Maintain data processing records
  • Conduct regular audits of the company’s existing data security and processing measures
  • Identify information assets and process flows used to create, store, transmit and dispose of personal data and which are subject to data privacy specifications established by law
  • Advise clients on which actions are required under relevant data privacy laws and which are advisable due to the data processing risks arising from their company’s activities
  • Serve as a point of contact for data subjects and supervisory authorities
  • Continuous monitoring to ensure compliance with applicable regulatory standards
Kroll’s Identity Theft and Breach Notification Services

For many organizations, the data breach notification requirements in recent data privacy laws may be unknown territory. Kroll is a global leader in breach response and identity theft remediation services. Our experts provide comprehensive solutions – from proactive preparation to crisis management – to help companies comply with the law, preserve resources, and protect their reputations.

Kroll closely tracks the evolution and development of global data privacy regulations so we can continue to expand our capabilities and fulfill the needs of customers across a wide range of industries and jurisdictions.

Data Protection Officer (DPO) Consultancy Services 

Kroll Global Cyber Team Expertise

With offices in 20 countries and more than 30 cities, and experts that speak over 12 languages, our team has extensive, hands-on experience with a wide range of regulations, including GDPR, PCI DSS, CASL, US HIPAA and Hong Kong's DPO Principle 4. Many of our cyber experts bring years of unique experience having served in law enforcement and regulatory agencies around the world:

  • UK Intelligence and Policing
  • Interpol
  • Europol
  • Federal Bureau of Investigation (FBI)
  • U.S. Department of Justice (DOJ)
  • Securities and Exchange Commission (SEC)
  • Hong Kong Police Force
  • U.S. Department of Homeland Security (DHS)
  • U.S. Secret Service (USSS)

Strengthen Your Data Privacy Program

While regulators across the globe are continually looking to expand data privacy protections, existing requirements already outnumber the individuals who are available and qualified to perform these duties. Fortunately, Kroll’s team of data protection consultants can help companies comply with data privacy regulations and, at the same time, make their entire systems more cyber resilient.

Stay Ahead With Kroll

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Incident Response and Litigation Support

Kroll’s elite security leaders deliver rapid responses for over 3,200 incidents per year and have the resources and expertise to support the entire incident lifecycle.

Kroll Responder

Stop cyberattacks. Kroll’s managed detection and response services are powered by an elite team of seasoned cyber risk experts and frontline threat intelligence to deliver unrivaled response.


System Assessments and Testing

Kroll’s field-proven cyber security assessment and testing solutions help identify, evaluate and prioritize risks to people, data, operations and technologies worldwide.

Cyber Governance and Risk

Manage cyber risk and information security governance issues with Kroll’s defensible cyber security strategy framework.

Notification, Call Centers and Monitoring

Kroll’s data breach notification, call centers and monitoring team brings unique expertise to global incident response to help clients efficiently manage regulatory and reputational needs.