DPO (Data Protection Officer) Service

Service includes the initial setup for GDPR in a day

You will be provided with:

Policies, Privacy Notices, User Agreements. 

The visit will include a bespoke Information Asset Register which will map your assets relating to personal data and provide a legal basis for processing the data and third party supplier tracking.

Data Breaches will assessed and reported to the ICO accordingly.  

Regular Visits

Schools receive regular visits to support setting in raising their level of compliance. Settings will also be updated regarding the latest policy 

Regular training will be provided for staff and new staff

Annual Audit Data, Protection Impact Assessments and Privacy by Design

Annual Audit is completed per setting to evidence compliance for the Governing Board

Data Protection Impact Assessments as a legal requirement re carried out on new systems and existing systems as necessary

Privacy by design is also considered as a legal duty when introducing new systems

Annual Report to Governing Body

The GDPR promotes strong governance. 

Report will be written after each visit for distribution to governors

Data Breach Reporting

Guidance in identifying, investigating and reporting data breaches will be provided by the DPO. The DPO will investigate breaches and write a report underlining the circumstances and recommending actions to mitigate the risk of further breaches . The DPO will liaise with the ICO as necessary if the  breach meets the reporting criteria. 

Actions to mitigate risk could include system design and or staff training. 

Subject Access and Freedom of Information Requests

Guidance relating to Subject Access Requests and Freedom of Information Requests  will be provided as they come to light. They have time limits of one month and twenty working days respectively unless certain conditions apply.