DPO (Data Protection Officer) outsourcing
Responsibility for the company's GDPR compliance (see below) lies with the Board. The Board has to create the position of DPO (Data Protection Officer) to keep the company GDPR compliant. The DPO will create and maintain the indications needed to reach that goal. Such a DPO, whether or not he or she is an employee of the GDPR controller, should be in a position to carry out the company's GDPR compliance. It is possible to outsource this position (DPO-as-a-Service, DaaS).
In April 2016 the European Union (EU) adopted a new regulation, the General Data Protection Regulation (GDPR), to protect the personal data of any natural person (an identified or identifiable natural person, the data subject) and to give data subjects more control over their personal data (see http://ec.europa.eu/justice/data-protection/). The GDPR places new rules on the export of personal data outside the EU, i.e. on the processing of the data by non-EU institutions and companies. The new regulation will go into effect on May 25th, 2018 (deadline), which means that companies that either do business within the EU or process data subjects' personal data need to be compliant with the GDPR. This means starting a GDPR compliance project. The difference compared with similar steps in the past is the significant fines for breaching the GDPR (up to EUR 20 million or 4% of the worldwide group's turnover).
The GDPR calls for a sequence of legal steps and ICT steps to make the necessary changes in a company's processes. It is quite a complex process, and that complexity calls for project management.
More information: http://www.eudataprotectionregulation.com/data-protection-officer