Fractional Chief Privacy Officer (CPO)

Most organisations don't need a full-time CPO. They do need a senior leader to do it well.

Privacy leadership at senior level isn't about managing a compliance checklist. It's about making difficult judgement calls, engaging credibly with regulators, briefing boards on risk they can actually act on, and building a privacy function that holds up when it matters. That requires experience - not just knowledge of the rules, but first-hand understanding of what it feels like to be accountable for privacy at scale.

Our CEO's experience spans banking, US technology, FMCG, workforce solutions, and high-growth startups.

At FTSE 100 level she has held board-level privacy and data governance leadership. She's also advised, led, and embedded privacy across fast-scaling technology businesses and established organisations where data is central to the commercial model. Find out more about our CEO >

That's the experience we bring to a fractional CPO engagement. Not a framework. Not a template. Judgement, built from doing the job.

The gap most organisations have isn't knowledge - it's accountability.

Privacy responsibilities are often distributed across legal, compliance, technology, and the business - without a senior leader who owns the picture, makes the hard calls, and can speak authoritatively to a regulator or a board. That gap creates risk. It also creates uncertainty inside the organisation, because nobody is quite sure whose job it really is.

A fractional CPO closes that gap - bringing genuine senior ownership without the overhead of a permanent hire.

Who this is for

This service works best for organisations where:

• Privacy is a material risk but doesn't yet have clear senior ownership
• A board, investor, or regulator is asking questions that require a more credible response than the organisation can currently give
• The privacy function exists but lacks strategic direction or senior challenge
• The organisation is scaling, entering new markets, or increasing its data use in ways that require more active oversight
• A named DPO with regulatory credibility is needed - someone who can genuinely engage, not just fulfil a formal requirement

Our CEO has experience across regulated industries, high-growth technology businesses and founder-led organisations: where privacy is central to the business model or the regulatory relationship.

The value we bring is strategic, regulatory, and advisory - the kind of senior judgement that changes how an organisation thinks about privacy, not just how it documents it.

How we engage

Privacy deep dive - A standalone assessment - reviewing documentation and interviewing key staff to give you a clear, honest picture of your privacy health and real enforcement risk. This is a substantive piece of work in its own right, with findings presented directly to leadership. Many clients commission this independently; it also forms the required foundation for any retainer engagement where our CEO is named as DPO with regulators, and is strongly recommended before any ongoing engagement.

Fractional CPO - Foundation 8 hours per month - For organisations that need a credible senior privacy presence without a major ongoing commitment - strategic advice, regulatory guidance, board-level input, and a named point of accountability. The privacy deep dive is required before this engagement where our CEO is the named DPO.

Fractional CPO - Core 12 hours per month - For organisations with more active privacy programmes, broader regulatory exposure, or ongoing strategic challenges that need consistent senior attention across jurisdictions, functions, or a period of change.

Fractional CPO - Extended 16 hours per month - For larger organisations, those operating across multiple jurisdictions, or those navigating significant commercial, operational, or regulatory change where privacy requires sustained senior leadership.

Fractional CPO - Complex 20 hours per month - For organisations with known, material privacy challenges - significant regulatory exposure, complex data environments, or where privacy is central to the business model and requires close, ongoing senior oversight.

Project and incident work - Breach response, regulatory investigations, and major projects are handled separately from retainer hours - scoped individually, and available on a standalone or retainer-plus basis. Hourly rates are available for defined project work.

What working with Spriggun gives you

You'll have a senior privacy leader who knows the regulatory landscape, can walk into a board meeting or a regulator's office and speak with authority, and will give you an honest view of where your risks sit and what to do about them. Your privacy programme will have genuine senior ownership - not just on paper, but in practice. When the hard moments come - a breach, an investigation, a major commercial decision with privacy implications - you'll have someone in your corner who has been there before.