Data Protection Officer as a Service

LIBRe Foundation team offers the organizations a Data Protection Officer as a Service based on four key conditions: lack of conflict of interest, independence, confidentiality and observance of professional secrecy.


GDPR introduces an obligation for data controllers and data processors to designate a Data Protection Officer in a number of hypotheses of personal data processing.

The need for specific expertise and knowledge of data protection law and practices (both from legal and technological perspectives) implies dedication of serious efforts and financial resources to secure this position as internal to the organization.

LIBRe Foundation team offers a complex implementation of a Data Protection Officer activities as a subscription service based on four key conditions: lack of conflict of interest, independence, confidentiality and observance of professional secrecy. This service may include:

informing and regularly advising the highest manage ment level of the controller or the processor, including their staff (where applicable), with regards to their obligations under GDPR and related provisions at European or national level;

monitoring the compliance with the requirements of GDPR and GDPR-related provisions at European or national level and the controller/processor's privacy policies, including assignment of responsibilities, awareness-raising and training of staff involved in the processing operations and internal audits;

advising and supporting the implementation of data protection programs and procedures for personal data protection, including (if applicable) consultating on related security and information security systems, and introduction of monitoring mechanisms;

advising and supporting the implementation of procedures for internal control, registering and reporting of violations and data protection breaches within the client organization, analyzing the impact of these violations and proposing and/or implementing effective preventive measures;

advising, when required, on the data protection impact assessment and DPIA monitoring processes, upon introducing new or updating existing technological solutions and/or procedures;

advising and supporting the process of administering requests for access to personal data processed for patients/customers or requests for access to information for patients/customers from external and internal parties, prioritizing the requests and ensuring their effective consideration and implementation in due time, in accordance with current legislation and ethical standards, including maintaining relevant registers;

communicating with partners and the organization's management bodies on personal data protection issues;

cooperating with the national supervisory authority (for Bulgaria this is the Commission for Personal Data Protection) and fulfilling the role of point of contact for the supervisor in matters related to the processing; and

advising on any other issues related to personal data protection.

More information about the data protection services we have provided can be found at:

Consultations aimed at private legal entities and individual experts

Consultations aimed at non-for-profit legal entities

Framework Initiative for e-Justice Development in Bulgaria - for consultations aimed at judicial authorities;

Framework Initiative for Personal Data Protection in the Healthcare Sector in Bulgaria - specific services aimed at healthcare representatives.

For an individual offer or clarification with respect to the services offered, please contact LIBRe Foundation team directly.