Service includes the initial setup for GDPR in a day
You will be provided with:
Policies, Privacy Notices, User Agreements.
The visit will include a bespoke Information Asset Register which will map your assets relating to personal data and provide a legal basis for processing the data and third party supplier tracking.
Data Breaches will assessed and reported to the ICO accordingly.
Schools receive regular visits to support setting in raising their level of compliance. Settings will also be updated regarding the latest policy
Regular training will be provided for staff and new staff
Annual Audit is completed per setting to evidence compliance for the Governing Board
Data Protection Impact Assessments as a legal requirement re carried out on new systems and existing systems as necessary
Privacy by design is also considered as a legal duty when introducing new systems
The GDPR promotes strong governance.
Report will be written after each visit for distribution to governors
Guidance in identifying, investigating and reporting data breaches will be provided by the DPO. The DPO will investigate breaches and write a report underlining the circumstances and recommending actions to mitigate the risk of further breaches . The DPO will liaise with the ICO as necessary if the breach meets the reporting criteria.
Actions to mitigate risk could include system design and or staff training.
Guidance relating to Subject Access Requests and Freedom of Information Requests will be provided as they come to light. They have time limits of one month and twenty working days respectively unless certain conditions apply.