Data Protection Officer (DPO) as a service

avatar
Катерина Дубас
Ким працює Катерина Дубас? IT / privacy / data protection / AI юрист з Києва. Data Protection Officer. Спеціалізується на законах ЄС і США про захист даних (GDPR, CCPA, COPPA, HIPAA, NIS2, DORA тощо), data processing agreements, risk assessments у системах обробки персональних даних та ШІ. Про що консультує? Катерина консультує щодо питань GDPR та захисту персональних даних у ЄС, США і Україні, AI Act compliance, розробки DPA (data processing agreement, data protection agreement) і privacy policies / privacy notices, створення документації і програм захисту персональних даних, Data Protection Officer (DPO) as-a-Service. Який у неї досвід? Катерина має 8+ років досвіду юридичного супроводу ІТ-команд. Останні 4+ роки керує командою захисту персональних даних та приватності у Legal IT Group. Які відзнаки у Дубас Катерини? Визнана як notable practitioner у сфері інформаційний технологій за версією Ukrainian Law Firms. A Handbook for Foreign Clients (2025 рік). Співавторка книги “GDPR для водолазів: основи поведінки в океані даних”. З 2025 року здобуває ступінь магістра з компʼютерних наук зі спеціалізацією у ШІ та хмарній інженерії. У 2024-2025 році проходила річний сертифікаційний курс з інженерії даних в УКУ (Український Католицький Університет). Спікерка українських та міжнародних конференцій та подій з питань приватності, безпеки даних, data engineering/DevOps, та Big Data (DevOpsDays Kyiv, Big Data Conference Europe, IAA). Бере активну участь у підготовці та проведенні освітніх проєктів Legal IT Group. Контролює всі проєкти, що стосуються приватності та ШІ: від GDPR і CCPA до AI Act в Legal IT Group та систематично додає в колектив доброти та сучасних трендів.
Contact
We act as external DPOs for international companies handling millions of user records.
legal it group

Why Choose Us

Experts in GDPR since 2018

We’ve been systematically building and implementing privacy programs since the early days of the GDPR.

  • Team of three FIPs

    Certified professionals with CIPM, CIPT, CIPP/E, and CIPP/US credentials — all holding the prestigious Fellow of Information Privacy (FIP) designation
    sircles

  • Privacy Advocates

    We host regular in-person and online events dedicated to privacy and data protection.
    about_icon2

  • Authors of the book “GDPR for Divers”

    Our in-house lawyers and privacy managers are proud co-authors of a widely respected practical guide.
    about_icon3

  • Connected with German Partners

    We implement the best European privacy practices through close collaboration with trusted German experts.
    about_icon4
Send a request
decor

DPO onboarding – DPO onboarding – DPO onboarding – DPO onboarding –

  • 01

    DPO registration

    We sign the contract, publish DPO details on your website, and notify the relevant authorities.
  • 02

    DPO discovery

    We dive into your processes and personal data flows.
  • 03

    DPO assessment

    We identify compliance gaps and develop an effective roadmap.
  • 04

    DPO action

    We recommend changes, implement improvements, and embody the transformation.
  • 05

    DPO support

    Proactive and on-demand support, delivered in real time.

What does a DPO do? What does a DPO do? What does a DPO do? What does a DPO do? What does a DPO do? What does a DPO do?

red-folder Builds
Supports

  • Privacy audit and action plan

    The DPO assesses your current situation and prepares a gap assessment — outlining how your company operates today and what regulatory requirements apply to your processes. The next step is an action plan to bring your organization into compliance with the GDPR and related laws. In reality, this is the foundation of your internal privacy program.

  • Development and update of privacy policies, GDPR procedures

    DPO helps draft documentation for responsible privacy management in the company. Policies on access, transfer, storage, and destruction of data and other documents are woven into the operations for processing personal data.

  • Participation in GDPR assessments (DPIA, LIA, TIA, etc.)

    The DPO must be involved in Data Protection Impact Assessments and other GDPR-mandated evaluations. These are required under the GDPR, and the quality and timeliness of such assessments are key factors for regulators when deciding whether or not to issue fines — making the DPO's role essential.

  • Conducting GDPR training

    The DPO develops and delivers training on privacy compliance and evaluates the team’s awareness and readiness.

  • Vendor GDPR checks and demonstrating GDPR compliance to clients

    The DPO helps design and implement procedures for evaluating vendors’ GDPR compliance — a requirement under the GDPR. The DPO also develops tools and assists in demonstrating GDPR/privacy compliance during the marketing and sales of your company’s services or products.

  • Answering GDPR-related questions from the project team

    Having a DPO in the organization gives stakeholders — those making decisions about personal data processing — direct access to expert advice on how such decisions may affect the company’s compliance posture.

  • Implementing a “privacy first” culture

    Establishing a privacy mission and fostering a culture of data protection within the organization is a key impact factor.

  • Privacy Program Oversight

    Sometimes, all the privacy documents end up in a drawer and are never seen again. In such cases, there’s no functioning privacy program — which means no GDPR compliance and no real protection of data subjects' rights. One of the DPO’s key tasks is to develop and implement metrics to monitor the actual execution of your privacy program.
implementation_icon

LEGAL IT GROUP as your DPO

  • We register with the supervisory authority under the GDPR

    implementation_icon1
    Our company is listed as the Data Protection Officer in your website’s privacy policy. If needed, we can also register with the relevant EU supervisory authority.

  • We become ambassadors of your privacy culture

    implementation_icon2
    User privacy lives in real processes and everyday team behavior. We communicate the importance of privacy compliance through training and internal content, shaping how your team handles personal data in real time.

  • We assist with documentation and assessments

    implementation_icon3
    We support your company in updating privacy documentation and processes when entering new markets, launching new business operations, or implementing new technologies.

  • We share best practices — and build them with you

    implementation_icon4
    Our expertise allows us not only to observe trends in effective privacy program development, but to shape and implement them within your company. Our certified professionals take care of your privacy compliance.

How much does it cost?

€100/hour. Minimum package 50 hours / quarter
The exact price depends on the complexity of the data flows and data processing mechanics.
Send a request
Команда

Your potential DPOs

A DPO is the face of your privacy program.

  • Катерина Дубас Legal IT Group

    Kateryna Dubas

    Head of Privacy Practice at Legal IT Group
  • Антон Тарасюк Legal IT Group

    Anton Tarasiuk

    Managing partner at Legal IT Group

Certified GDPR experts

We hold 10+ certifications in the field of privacy.

Our expertise is internationally recognized.

CIPT_Dubas.pdf

Nova Post

International logistics company

  • we provide personal data protection services in Ukraine

  • we provide GDPR-compliant personal data protection services

Hyalual

Global developer and manufacturer of solutions for aesthetic medicine

  • we provided support with data privacy compliance

Snov.io

Smart automation of cold sales

  • we are honored to act as DPO for Snovio.io

  • we help them with other legal tasks

Odeeo

Innovative in-game audio advertising platform

  • we were glad to enhance the product by developing a Compliance Rollout Programme

  • we act as a DPO

Readdle

Product IT company engaged in application development

  • we worked with the Readdle team on their data flow mapping

  • we helped them to add even more transparency to the relationship between Readdle and their customers

ZONE3000

International IT company providing software development services

  • we have provided many consultations on various legal issues

More cases

blog_iconCurrent and practical articles

  • Data protection officer
  • AI compliance officer
  • Data privacy compliance
  • Дія.City
  • Digital Millennium copyright Act
  • Торгова марка в IT
Go to Blog

We write about what we practice

IP, GDPR, contracts and disputes, as well as the legal aspects of implementing technologies such as artificial intelligence or best practices for implementing specific legal solutions.
An inquiry is the first step to resolving a legal issue
Your request to Legal IT Group
up to 500 characters
Email
a@legalitgroup.com
Phone
+38 (044) 205-54-10
Send to Telegram

Our expert is always in touch to help you deal with legal issues.

You will be answered:

Anton Tarasiuk
Managing partner в Legal IT Group
Write in Telegram
An error occurred
The request has been sent Thank you for your message! We will process it as soon as possible.
  • How do you work with IT companies?

    To protect copyrights in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into agreements with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.

  • How to protect your copyright in IT?

    To protect your copyright in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into contracts with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.

  • How quickly do you respond to requests?

    To protect copyrights in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into contracts with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.

  • How do you ensure privacy?

    To protect copyrights in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into contracts with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.