Privacy as a Service explained

Aug 06, 2020

So, you want to know what Privacy as a Service is, if you need it or why you would need it.

What is Privacy as a Service?

“Privacy as a Service” is the term that has become common for businesses like Xynics, who take their many years of experience and expertise, and combined with industry recognised qualifications, can not only advised upon and apply the law and best practice, but can ensure it doesn't change how you want to work or stop you from doing the things you want to do.

It's really not uncommon in business to engage external experts in their field to undertake specific business tasks on our behalf;

  • When we want someone to manage our business accounts, do the tax returns and help us make a healthy profit, we turn to an accountant.
  • When there’s contractual matters or litigious action, we turn to a solicitor.
  • We might want someone to manager our HR and ensure we’re compliant with all relevant HR law as well has having proper policies and procedures to help us should we need to dismiss an employee, or handle an Employment Tribunal case, so we turn to a specialist Outsourced HR team.

In larger organisations, we’d employ these functions ourselves, but as small businesses it’s an expense we cannot justify or we simply don’t have the workload to make that role viable.

That’s where an outsourced Privacy as a Service provider comes in.

Did you know!

The GDPR makes it law that the person in charge of Privacy and Data Protection for your business must be “suitably knowledgeable”. That means its a legal obligation to ensure that person knows Data Protection law in sufficient detail to apply it to your business.

Also, another little known part of the law says that any person with the responsibility of data protection in your business cannot have a “conflict of interest” with their own job role.

That means your Marketing Manager cannot be your compliance officer as they may be biased towards allowing activities that favour marketing where reasonably, someone else might advise against those activities.

Why would you need it?

Lots of business advisors talk about our "inner chimp", the part of our brain that is in play when we act impulsively, without regard for the consequences.

Our inner chimp is an emotional, greedy and lazy animal which is with us from birth. But what's this got to do with why you might need a Privacy as a Service partner?

If we let our chip loose and act on impulse, we take decisions based out of that greed, emotion or laziness and leave ourselves wide open to regret in the future. In the world of Information Security and Data Protection, this can be very dangerous indeed as small oversights can lead to those reportedly huge 4% of global turnover fines and potential reputational damage.

"It's too expensive", "We can save a few pounds by doing this ourselves" or "We can just copy what someone else has done" are common excuses for not engaging professional advice, but research has shown that those who choose not to engage support, are more likely to experience a data security incident, and be less likely to be compliant with data security and privacy law.

As business owners and managers, we want to know that we are in control as much as we possibly can be to give stability to our business and processes.

You could choose to pass the Data Protection baton to one of your staff. They'll have a little extra work but once it's done, it's done, right?


As touched upon above, if you don't have the necessary knowledge of the law and can't apply it in context to your business, you risk missing the fundamentals and failing to adhere to the law.

Similarly if you do have people with that knowledge (perhaps you sent them on a GDPR course), they may not be sufficiently proficient in other data protection laws like the Privacy and Electronic Communications Regulations or the Data Protection Act 2018, leaving you equally exposed. Finally, someone can be as qualified and experienced as they come, but if their Data Protection duties are "clouded" by their own job role (like a Marketing Manager), they could easily overlook some scenarios in favour of making their job possible or easier.

Outsourcing to a Privacy as a Service partner will give you the stability and security you want through expert knowledge and experience, for a relatively low cost.

Do you need it?

There's no complex formula or straight out indicator to say you "need" a Privacy as a Service partner, but we can start by asking a few simple questions;

  • Do you have a detailed record of every business process that handles personal data (including your Employees data)?
  • Do you have regular (at least annual) training on information security and data protection for all staff, yourself included?
  • Do you conduct Risk Assessments for all your collection and use of personal data?
  • Do you have policies around keeping information secure and confidential?
  • Do you have documented procedures for handling Subject Requests, Data Breaches, conducting a Legitimate Interests Assessment, or a Data Protection Impact Assessment?

If you’ve answered No to any of these, then you could benefit from a Privacy as a Service partnership.

Also, if you want

  1. expert knowledge on-tap, so can be confident that what you do is lawful and effective for your business;
  2. to eradicate any potential conflict of interest in job roles for truly unbiased information security and data protection advice;
  3. to save some money by not having to employ expensive solicitors or new staff to handle that reworked workload;
  4. and to have the security of knowing that your business is in control. You have stable processes and procedures that function and are lawful, and in the event that there is a data breach, it’s handled by experts so you can focus on what’s important to you.

Then you probably would also benefit from a Privacy as a Service partnership.

How much does it cost?

The answer to this is most defnitely going to depend upon the partner you choose to work with. Xynics have packages starting from as little as £195+vat per month but we have seen some providers starting as low as £45 per month, up to well over £1000 per month!

Of course you can and should shop around for a provider thats right for you and your business but before you do, please download our “top 5 tips on selecting a Privacy as a Service partner” to ensure you find someone who can deliver the control, stability and security that your business needs.

Download our guide to selecting your Privacy as a Service partner

We're more than happy to share this document from our comprehensive GDPR documentation toolkit for free, but we'd like ask for a few details from you just so that we can follow up with you in a few days to check how you're getting on, and also keep you updated with all the latest news and information around Privacy, Data Protection and Information Security.

To download the template, complete the above form here and click submit. The download should start automatically.

Your Privacy is our priority

By completing your information here, we will use that information to follow up with you on your progress completing the template and to keep you informed periodically about all the things happening in the world of business, information security and data compliance.

You can unsubscribe any time you wish by clicking the link in our emails, or by contacting our team, or if you prefer not to receive our eNewsletter at all, we completely understand and ask that you simply untick the box to the left to indicate your choice.

The information you provide here will be kept in our ContentMX electronic marketing system which is hosted in the USA. Please be assured that we have in place a comprehensive Data Processing Agreement with ContentMX which requires confidentiality and security measures that are comparable to our own, including encryption to keep your personal information safe. For full details on how to contact us and our handling of personal information, please see our Privacy Policy here.

Contact Us

If you want to discover how you could do more with
your data, get in touch with Xynics.

Get In Touch