DPO
UK GDPR in Schools – Data Protection Officer Services for Education
Service
As an education provider, you have a responsibility to protect your students, staff and school. This responsibility isn’t just about protecting the physical form – it is also the protection of information or data you hold about individuals and how that is managed and controlled.
Our DPO Team understand the data flows, and need for data, in different areas of the school. Our support as your DPO includes an online recording and reporting system for all relevant GDPR information.
On top of this we provide a great deal of added-value functions including, but not limited to, completed Data Privacy Impact Assessments and compliance checking of supplier data privacy agreements.
Download our Data Protection Service overview:
Data Protection Officer Service for Schools
Solution
Our DPO Service and Portal
- Provide advice and guidance when required
- Support and monitor the maintenance of data records
- Draft data policies and procedures
- Provide training for employees
- Act as the fi rst point of contact with authorities
- Support the management of Subject Access Requests and those under the Freedom of Information Act 2000
- Support the management, including investigation, reporting and review, of data breach incidents
- Conduct internal audits of your data processes up to twice a year
- Providing you with access to our specifi cally designed Data Protection Portal
This service also includes all of our policy and document templates All school-specific documents are hosted here including audit reports and all logs are easily downloadable for review at governor or trustee level.
The portal is split into eight distinct sections:
- Audits – audit your school against the ICO’s accountability framework. Create a RAG-rated development plan with actions for Amber and Red expectations in order to create the plan to fully meet all expectations over time.
- Breaches – log and report on any data breaches that may occur in your schools.
- Subject Access Requests – log and report on any subject access requests that may occur in your schools.
- Data Decisions – log and report on any data decisions made where data is processed in such a way that could create risks to the rights and freedoms of individuals, or it involves special categories of data. It can also be used to log incidences of one-off data sharing.
- Data Map – identify what categories of data are processed, the purpose for which are they are processed, the legal basis for processing, where they are held, how they are obtained and who they are shared with.
- Data Processors – identify which data processors your school shares data with, which data categories are shared, whether the processors are compliant with the UK GDPR, and what security and retention periods are in place with them.
- Global Documents – access and download all of our supporting material for data protection including policy templates, training resources, privacy notices, retention schedules and data protection impact assessments.
- School Documents – access and download any school-specific documents once completed such as audit reports and your data maps.
Subject Access Requests - Our Guidance for Schools, Colleges & Trusts
Subject Access Requests - Our Guidance for Schools, Colleges & Trusts
Subject access request guidance for schools, colleges and MATs. Frequently asked data protection questions about SARs answered here. Read on...
Training
All of our CPD sessions can be delivered to a whole staff body or we offer bespoke sessions for different groups of staff, for example governors, senior leaders, admin, SENDCO, new starters, or as refresher training. Here is an example of our Data Protection Training for SENDCOs and DSLs.
Our CPD sessions are delivered on site with staff, so they can fully engage and ask questions that are directly relevant to school staff and their specific role. As we are experienced school leaders, we do understand the need for all roles in school, so our advice and guidance is education- and role-specific.
Whole staff sessions run for about an hour, other bespoke sessions can vary in length depending on need. Where INSET time does not allow for one of our sessions, we will provide materials for all content and keep you informed of any relevant updates.
As we don’t want to hold too much personal data, we do not hold lists of names of staff that attended courses but we will record when school training took place and the content delivered.
Aims of this session are to:
- Develop an understanding of the statutory responsibility to monitor and evaluate data processing with specific focus on SEN and Child Protection (CP) pupils
- Develop a greater awareness of the potential pitfalls of processing SEN and CP data
- Share good practice in relation data protection using case studies from schools we currently work with
- Raise awareness of the retention schedules for SEN and CP data
In addition, our online training platform allows you to purchase courses for individual members of staff in our shop or use the link below to purchase group licences for your whole school. Please note – access to our online training platform is FREE for organisations that are signed up to our Data Protection Officer service. Our training platform hosts role-specific training courses include:
- Data Protection for Education Staff
- Data Protection for Child Protection Leads
- Data Protection for Governors/Trustees (maintained schools and standalone academies)
- Data Protection for MAT Governors/Trustees
- Data Protection for Lunchtime, Cleaning and Site Staff
- Data Protection for School Administrators
Packages
Our DPO service is cost-neutral compared to other, alternative solutions. For a school to appoint their own DPO, they will need to fund training for that individual and give them time to complete the role effectively. They will possibly also need to provide a financial incentive (such as a TLR) to them. Our experience and knowledge base (as well as economies of scale due to working with hundreds of schools) allow us to dramatically cut down these costs.
For example, a school senior leader earning £50k p.a. who is given an hour a week across the year to complete their DPO work is costing a school at least £2k which is more than our most expensive rate.
Full DPO Support Service
£925 to £1250 (+VAT)
per annum, per school site
(dependent on size)
Annual Auto-renewing Subscription
Full Data Protection Officer Service Comprising:
- Access to our online Data Protection Portal
- Option of annual onsite audit
- Annual role specific GDPR and Cyber Security training (onsite or online)
- Telephone and email support
- Data processor compliance checks
- Breach and subject access request support
- Tailored support for document writing including policies, privacy notices and DPIAs
- Named contact person.
Core DPO Support Service
£570 to £925 (+VAT)
per annum, per school site
(dependent on size)
Annual Auto-renewing Subscription
- Access to our online Data Protection Portal
- Option of biennial audit
- Annual online, role-specific GDPR and Cyber Security training
- Telephone and email support
- Data processor compliance checks
- Breach and subject access request support.
Remote Data Protection Service
£490 (+VAT)
per annum, per school site
Annual Auto-renewing Subscription
Remote Data Protection Support Service Comprising:
- Access to our online Data Protection Portal and benefits
- Annual online, role specific GDPR and Cyber Security training
- Telephone and email support
- Breach and subject access request phone support.
Data Protection Onsite Audit
£560 (+VAT)
One-Off Payment
Data Protection Audit against the ICO’s accountability framework including:
- Leadership and Oversight
- Policies and Procedures
- Training and Awareness
- Individuals’ Rights
- Transparency
- ROPA and Lawful Basis
- Contracts and Data Sharing
- Risks and DPIAs
- Records Management
- Breach Response and Monitor.
Frequently Asked Questions
How often will you be onsite?
Depending on the level of service you choose, you can opt to see your DPO annually for audits and/or training – you can choose to see them on site or via a Teams meeting. They will also be available whenever needed in the event of a data protection incident.
Will I get remote support when they are not onsite?
Yes, your DPO will be available via phone and email when not visiting your site. You will also have access to our online portal for reporting breaches and subject access requests, logging data decisions and downloading document templates.
What about school holidays?
Our DPOs will be available to provide support both during term-time and during the school holidays.
Who can be my Data Protection Officer (DPO)?
This can be anyone who has no strategic or operational decision-making role with regards to data and data systems in your school. It doesn’t have to be a member of your own staff.
Examples of roles that are likely to not be able to be your DPO include the Headteacher, School Business Manager, Data Manager, IT Manager and most other senior leadership roles.
What does our DPO service typically include?
- Providing advice and guidance when required
- Supporting and monitoring the maintenance of data records
- Drafting data policies and procedures
- Providing training for employees
- Acting as the first point of contact with authorities
- Supporting the management of Subject Access Requests and those under the Freedom of Information Act 2000
- Supporting the management, including investigation, reporting and review, of data breach incidents
- Conducting an internal audit of your data processes up to twice a year
- Providing you with access to our specifically designed Data Protection Portal
What are the advantages of outsourcing the DPO role for my school?
Access to high-levels of expertise and banks of resources. It also gives you an impartial view of your systems, processes and practice. In the event of a data protection incident, impact on the day-to-day running of the school will be minimal as school staff can continue to carry out their roles. It is likely that this will also be a more cost effective approach than using an existing member of staff when compared to additional non-contact time, training and, possibly, a TLR. The support is also available outside normal school working hours and during the school holidays.
