Data2Action: Virtual Data Protection Officer Portal Tender

Data2Action have been helping businesses identify and manage their Data Protection risks for a number of years, and are now looking for an organisation to build a bespoke ‘Virtual DPO Portal’. 

You can read more about the tender below or via PDF. The deadline for quotations is Monday 10th May 2021. Interested parties should email

Invitation to Tender (external): Delivery of a ‘Virtual Data Protection Officer’ Portal 

Project Introduction

The purpose of this tender is to invite organisations to build a bespoke ‘Virtual DPO Portal’ on our behalf.  This purpose of this portal is to provide businesses with access to an easy to use, intuitive, cost effective, automated Data Protection Officer service that can help them understand their risks and assure them of regulatory compliance thus avoiding unnecessary scrutiny and fines.



Data Protection legislation is changing throughout the world.  We are now in an era where there is much more focus on businesses having to demonstrate they are accountable for the correct and safe processing of people’s data.  Coupled with a growing awareness of the importance of peoples rights, rising cyber crime and identity theft, heavy fines are now in place for those who don’t adequately protect personal data.  In addition Consumers are much more sensitive to data protection and privacy and therefore much less likely to trust those businesses who don’t look after their data. As a result there has there been an explosion ‘Data Breach’ law firms offering consumers the opportunity to seek compensation for mismanagement of their information.  In addition the UK’s supply chain is much more sensitive to the legislation with organisations much more cautious about sharing data with non-compliant organisations.  The net is tightening on businesses with poor credentials.

SME’s and the 3rd sector struggle with a number of barriers to entry including skills, knowledge, time and appetite, with many preferring to adopt a ‘wait and see’ approach which explicitly contravenes the regulation. In addition there is a rising demand for Data Protection Officer services and as a consequence market forces are increasing salary and working conditions expectations thus reducing the availability of these services to SMEs and the 3rd sector where resources are more restricted.

With extensive knowledge of Data Protection legislation, Data2Action have been helping businesses identify and manage their Data Protection risks for a number of years.  We have worked with a wide variety of clients from multi-nationals, Government Departments, Schools, and local businesses to help them understand and comply with this important regulation.

From our knowledge and research we have identified that organisations need a solution that allows them to address the issue of data protection as quickly, easily and cost effectively as possible so they can focus on their day to day activity.  In this regard, an easy to use, cost effective, regulatory compliant solution that helps them manage their day to day data protection activity to avoid regulatory scrutiny would be well received.

The new ‘Virtual DPO portal’ will act as a guiding ‘angel’ largely removing the need for expensive in house or consultancy support. This application will allow business leaders to effectively ‘self serve’ and will act as both a training tool and an ‘in life’ knowledge/learning management system that prompts, collates and reports on key aspects of Data Protection activity within the business giving Business leaders visibility and comfort of their compliance. The solution will also act as evidence of their ‘accountability’ which is mandated under the current regulatory regime.

The solution will grow to be supported by Avatars/Chatbot technology that will guide the user, asking pertinent information gathering questions to help them understand their legal requirements when dealing with data protection issues.


The Project

Based around a centralised dashboard, the portal will guide and support businesses on their compliance journey and act as a central ‘repository’ for all their data protection needs. Rather than just a document ‘dump’, the portal will encourage ‘self service’ participation and data capture and through the use of video’s/avatars and chatbots make the user experience as simple and easy to understand as possible.  The dashboard will draw in a range of activity including (but not limited to):-

  • Access to training resources and ‘How to’ guides.
  • Mandatory/non mandatory documentation.
  • Managing data subject rights
  • Audit and assurance capability
  • Support with ongoing risk management
  • FAQ’s

For each of these component parts, Data2action already have working resources that could be utilised within the portal eg online training however some may need to be adapted for a digital environment.  Notwithstanding that, ease of use of the system is the critical driver and as such, we aim to support each interaction with an Avatar/ chatbot solution to guide users through the activity.

Access to the system will be subscription based with low cost, entry level capability for Micro businesses all the way to supporting larger SME’s.  Subscriptions will be based on volume of users and support requirements of the business in question with a tiered subscription model providing increased benefits. Pricing models are yet to be fully agreed.

We have drafted a functional specification and system guide to support the project which is available.  However we would welcome alternative views based on the tendering organisations own experience of similar projects.


What we need from you 

Working collaboratively with our team of experts, we need an Organisation to build the infrastructure and capability to deliver these collective online services.  At its heart, the end solution must be easy to use, highly secure and easily updated as legislation changes on an ongoing basis.  In addition, the ability for Data2Action to extract data from the solution will be paramount.

We expect that the build will be split into 2 clear stages:

  • Development of the portal and infrastructure to allow an entry level solution
  • Development of the ongoing AI capability

All responses need to reflect this two stage approach.


How to respond 

Please develop a proposal based around the criteria provided above and submit your response via email to, see Key Dates below. Please note that a Non-Disclosure Agreement will be necessary prior to these discussions.


Key Dates 

27th April 2021:   Tender publication

10th May 2021:    Deadline for expression of interest and removal of tender from Website.

24th May 2021:    Deadline for tender documents


How we will select a provider 

We will use the following criteria to select a provider for this work:

Demonstrable expertise of delivery of similar services20%
Quality of proposal against tender specification40%
Value for money40%

Due Diligence 

  • Technical/Product specification will be released to providers who can demonstrate experience in similar activity and upon receipt of a signed NDA
  • We will originate appropriate contractual terms that ensures that all IP will be signed over to
  • Undertake a PQQ process in line with our funders