Fulfilling the role of Data Protection Officer (DPO) for your school.
All schools have a legal responsibility to appoint a DPO either by nominating an internal member of staff or by outsourcing to an external partner. Outsourcing this role ensures qualified expert advice and avoids the potential conflict of interest when using internal staff. Our DPO Service ensures schools have the necessary knowledge to fulfil their statutory obligation under the GDPR and that staff members understand their personal responsibilities.
A dedicated member of The ICT Service will act as your DPO, offering independent and impartial advice to support the development and ongoing monitoring of all necessary data protection policies and procedures. Our support is remote via telephone, email or Teams/remote access.
We will advise and assist on the management of data breaches and Subject Access Requests. We will provide document templates to aid in the establishment of your GDPR policies and procedures. We also offer expert guidance and support in reviewing third-party data processing agreements to ensure your compliance with the regulations.
GDPR data breaches do not typically happen every day, but when they do occur, we understand how worrying they can be for schools. Our Data Protection Officers will offer reassurance and lead you through the crisis of a data breach by coordinating your school’s response and will represent the school in its dealings with the regulator, the Information Commissioners’ Office (ICO) and other stakeholders on your behalf.
The ICT Service will fulfil the role of Data Protection Officer (DPO) for your school. Our DPO Service includes:
- A dedicated member of The ICT Service will act as your DPO
- Remote GDPR support and guidance by telephone and email
- Annual compliance review
- Regular GDPR updates and advice via our GDPR Life newsletter
Additional chargeable services include:
GDPR Onsite Audit
An onsite audit, including documentation review and recommendations covering:
- ICO registration
- Information Asset Register
- School supplier compliance
- Consent to Hold Information policy
- Data Protection Policy
- Breach procedure
- Privacy notices
- Personal Information Policy
- Data Protection Impact Assessment documentation
Training session for staff/governors delivered onsite or remotely
- Covering all aspects of GDPR, tailored to the specific needs of the school
Onsite or remote consultancy service
- Assistance with complex data protection issues and challenging Subject Access Requests