Fulfilling the role of Data Protection Officer (DPO) for your school.
All schools have a legal responsibility to appoint a DPO either by nominating an internal member of staff or by outsourcing to an external partner. Outsourcing this role ensures qualified expert advice and avoids the potential conflict of interest when using internal staff. Our DPO Service ensures schools have the necessary knowledge to fulfil their statutory obligation under the UK GDPR and that staff members understand their personal responsibilities.
The ICT Service will act as your DPO, offering independent and impartial advice to support the development and ongoing monitoring of all necessary data protection policies and procedures. Our support is remote via telephone, email or Teams/remote access.
We will advise and assist on the management of data breaches and Subject Access Requests. We will provide document templates to aid in the establishment of your GDPR policies and procedures. We also offer expert guidance and support in reviewing third-party data processing agreements to ensure your compliance with the regulations.

Major Data Protection breaches do not typically happen every day, but when they do occur, we understand how worrying they can be for schools. Our Data Protection Officers will offer reassurance and lead you through the crisis of a data breach by coordinating your school’s response and will represent the school in its dealings with the regulator, the Information Commissioners’ Office (ICO) and other stakeholders on your behalf.
The ICT Service will fulfil the role of Data Protection Officer (DPO) for your school. Our DPO Service includes:
- Remote UK GDPR support and guidance via Teams, telephone and email
- UK GDPR Annual Compliance Review
- A dedicated mailbox available to log all of your UK GDPR enquiries, at any time
- Regular email UK GDPR updates and advice plus our UK GDPR Life email newsletter
Additional chargeable services include:
GDPR Audit
An audit, including documentation review and recommendations covering:
- ICO Registration
- Information Asset Register
- Consent to Hold Information Guidance
- Data Protection Policy
- Breach Procedure
- Privacy Notices
- Data Protection Impact Assessment documentation
GDPR Training
Training session for staff/governors delivered onsite or remotely
- Covering all aspects of GDPR, tailored to the specific needs of the school
GDPR Consultancy
Onsite or remote consultancy service
- Assistance with complex data protection issues and challenging Subject Access Requests
