GDPR is coming are you ready?
Under the new General Data Protection Regulation (GDPR), schools will need to appoint a Data Protection Officer (DPO).
Does my school need to appoint a Data Protection Officer?
Yes. From May 2018, under GDPR a school must appoint a Data Protection Officer.
What does a DPO do?
In a nutshell, enable and help the school and its staff to comply with the GDPR. The DPO should encourage a ‘data protection culture’ (e.g. data protection by design, the use of data protection impact assessments, ensuring staff understand their data responsibilities, can / do comply with GDPR principles and follow the school’s data protection policy).
The DPO is the first point of contact for all stakeholders with regard to data – highlighting and upholding the principles of data processing, data subjects’ rights, records of processing activities, security of processing, and the notification and communication of data breaches.
What is included?
Each year subscribing schools will be sent an induction pack with registers and check lists
A site visit (lasting a day) will be undertaken to review data protection practices and learn the schools systems.
A ‘Recommendations of Practice’, report will be written following the visit to guide the school and target areas of concern and action.
Up to 2 hours whole staff training,
Telephone and email support all year round,
Governor training sessions 3 x a year,
Retention and records management advice with drop in clinics
Support with Freedom of information Requests and Subject Access Requests.
Newsletters and legal updates to brief staff on any decisions made by the ICO
The DPO will working along side the Data Protection Lead in the school to:
Educate the whole school community in relation to Data Protection
Serve as the point of contact between the school and Data Protection Supervisory Authorities and third parties.
Support the Data Protection Lead to monitor performance and providing advice on the impact of data protection efforts.
Work with the school in maintaining comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities, which must be made public on request
Support the Data Protection Lead in interfacing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information.
Support and inform policy and practice for risk and data breaches.
Please Log in to purchase this service
Please see our standard terms and conditions when you go to your shopping basket.
The Service Level Agreement contains any specific terms and conditions for this service.