Dpo Banner (1)

Data protection services (UKGDPR)

Data protection services

"The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39"

Be compliant, not complacent

The UK GDPR is designed to protect and empower British citizens with regard to their data privacy, and places greater obligations and sanctions on organisations that process (eg obtain, use, store, share and destroy) personal data.

This new legislation is the biggest change in data privacy legislation in 20 years. Although, the Information Commissioner (the UK Data Protection Regulator) has stated it is an “evolution…not a revolution” of our current data protection laws, it does still create significant burdens (resources and financial) on schools requiring them to overhaul their existing practices for handling personal data about pupils, parents/carers, staff, governors etc in order to be compliant.

How does the UK GDPR affect schools?

GDPR is large and complex, so here’s an overview of the key areas which affect schools:


What should schools be doing now that the UK GDPR is in place?

  • Ensure senior management understand the significance and impact of the UK GDPR on your school and seek their ongoing support
  • Carry out an annual information audit to identify and record what personal data you hold, where, who you share it with, how long you keep it for and what your lawful basis is for processing it
  • Deliver annual UK GDPR staff awareness training to ALL staff and governors
  • Review, update or create policies and procedures which reflect the UK GDPR changes, particularly in relation to data breach investigation and reporting; privacy notices, obtaining and managing consent and handling requests from individuals exercising their rights.
  • Appoint a Data Protection Officer – this person must have expert knowledge of data protection law and practices and be able to fulfil the tasks set out in Article 39 of the GDPR. This person can be an employee or an external contractor.
  • GDPR Solutions for Schools - Help is at hand!

We have teamed up with an experienced public sector data protection consultancy business, to offer schools unique packages which will support you through the GDPR journey- from preparation to post implementation.

These packages include an experienced Data Protection Officer assigned to your school; GDPR readiness audits with action and recommendations report; staff training; data protection briefings and bulletins; data breach investigation and reporting support and conferences.

We understand schools have tight budgets and in many cases very limited expertise in data protection, so we offer a full range of packages to suit the needs and budgets of different schools.