The client
The Bedford College Group (operating across multiple campuses in Bedfordshire and Northamptonshire) is a further education institution based in Bedfordshire, England. One of the largest educational institutions in the region, the college has a long history of providing high-quality education and training. They offer a wide range of educational programs, including further education courses, apprenticeships, higher education courses, and professional qualifications. The Bedford College Group caters to both school leavers and adult learners, providing opportunities for individuals at various stages of their education and career paths.
What did they need?
The Bedford College Group approached us looking at options for an outsourced Data Protection Officer (DPO) on an interim basis while they recruited a permanent replacement for the role. They were looking for an organisation (with previous education experience) that they could trust to jump right in to support the current data protection programme.
Schools often struggle to remain compliant with data protection legislation, as it can be complex, expensive and challenging to both interpret and implement. Schools handle a large amount of personal data. This includes student information (children’s data), staff records, and special category data. Understanding and applying the legal requirements and ensuring compliance across various data processing activities can be overwhelming. This typically comes down to a lack of awareness and training, which can lead to inadvertent violations, reputational damage or non-compliance. All of this is precisely why having a DPO is so important.
How did we help?
We had the capacity to provide outsourced DPO support straight away. We allocated the college a Data Protection Officer and a Deputy Data Protection Officer, ensuring they had sufficient cover at all times. Due to the allocated DPO having a lot of previous educational experience, we were able to onboard the college quickly and with minimal impact, enabling them to concentrate on their core business. As the interim DPO, our primary objective was to assess their current state of data protection practices, identify any areas of non-compliance, and implement necessary measures to ensure compliance with relevant data protection laws.
To achieve this, we:
- Reviewed previous audits and provided remedial recommendations to help with current risks and improve their compliance.
- Conducted customised training sessions for staff members in key positions on data protection principles, compliance requirements, and best practices.
- Promoted a culture of data protection awareness and skills transferred to staff, helping them to be more self-sufficient in the future.
- Drafted and implemented updated data protection policies and procedures, tailored to the College’s specific needs, ensuring that policies were easily accessible to all staff and students.
- Provided updates on any changes in data protection regulations
- Actively reviewed risk assessments and compliance audits, reporting to the Senior Leadership Team where necessary.
As part of our ongoing service, we support the staff daily via our ticket system, ensuring someone is always on hand to provide advice and guidance on any data protection queries.
Our work as the interim DPO at Bedford College demonstrates the effectiveness of a proactive approach to data protection compliance. By updating and implementing tailored policies, conducting staff training, and instituting robust procedures, we successfully supported the requirements of data protection regulations, safeguarding the privacy of their students and mitigating potential risks.
It has been a pleasure working with Bedford College. We commend their proactive approach to – and dedication to raising awareness about – data protection. The college’s commitment to protecting student data sets a highly respectable standard for educational institutions.
What the client had to say:
‘We instructed DPAS to provide us with an interim DPO service, while we look to recruit for a full-time position, in readiness for the next academic year. Charlotte has kindly stepped on board, offering her subject matter expertise in data protection law. She has assisted us in drafting legal documents, DPIAs, policies, and the writing of committee papers, as well as providing end-to-end support with the subject access request process. As a part of our work with Charlotte, she has engaged with staff members, offering support and providing the skills transfer needed to ensure our staff are adequately trained.’
Saeed Keynejad – The Bedford College Group
