DATA PROTECTION FOR MULTI-ACADEMY TRUSTS
GDPR FOR MULTI-ACADEMY TRUSTS
Under the new GDPR legislation, schools and Multi-Academy Trusts have more responsibility. Implemented on 25 May 2018, the GDPR was a complete data protection game changer for every organisation. The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation.
Schools and MATs must be able to demonstrate that they are complying.
It has bought new demands and challenges that can impact school resources and, ultimately, finances. The GDPR increases the responsibility schools have to inform parents and learners about how their data is being used and by whom.
DPAS works with councils, schools and Multi-Academy Trusts to help with their GDPR journey, but to also support them in an ongoing manner via our outsourced DPO services and more.
why DPAS
INDUSTRY EXPERIENCE
We have been providing services to schools and multi academy trusts since the GDPR was introduced.
EXPERT SUPPORT
We have qualified lawyers, GDPR practitioners, information security experts, qualified trainers and business analysts ready to support your schools.
PEACE OF MIND
By outsourcing this service ensures that you are confident that no stone will be left unturned.
HERE WHEN YOU NEED US
We have a dedicated ticketing system and phone line for our services, call us whenever you need us.
- Named Data Protection Officer
- GDPR for Schools software to support your schools ongoing compliance
- CPD accredited training for staff, nationwide
- Suite of policies designed for schools
- Yearly audit (mirroring the ICO audit)
- Posters, resources, videos, support & advice
- Support and guidance for Cyber Essentials Accreditation if required
Your DPAS Data Protection Officer
One of the biggest changes introduced under GDPR is that schools must now have a Data Protection Officer. DPOs assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority. The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.
Most schools do not have that internal member of staff to take on the Data Protection Officer role that has the experience that the GDPR requires. Therefore, outsourcing your DPO is a cost-effective option for schools, allowing you to meet the regulatory requirements.
Our DPO will work closely with your school’s Data Champions, ensuring that Data Protection processes are in place and compliance levels are maintained.
Our outsourced Data Protection Officer will support your school in the following way:
- Provides a yearly audit report to the Governors
- Registered with the ICO
- Liaises with the School’s Data Champion
- Supports your school in the event of an ICO audit
- Provides Independent advice when required
- Can provide subject matter expertise on DPIAs
- Can assist with Data Breaches or near misses
GDPR for Schools Software
A highly secure, cloud-based tool designed to reflect existing processes and the way schools work, whilst pro-actively prompting them to meet and exceed the requirements of the new General Data Protection Regulation.
The software allows you as a school or Multi-Academy Trust to:
- Centrally manage GDPR across your school
- Demonstrate commitment to manage data sensitively and ethically
- Build a framework to encourage a culture of privacy
- Prompt good practice surrounding data protection
- React quickly to SARs, incidents and data breaches
- Advocate and demonstrate accountability
- Manage training across your school
- Report termly to your governors
- Internally audit your schools and identify potential issues
- Having an outsourced DPO ensures you are complying to the requirements set out in the GDPR regarding a Data Protection Officer
- Access tools, templates, and resources which would take months to create
- Saves time for the organisation by using external sources
- We can highlight gaps in compliance, i.e. where Data Processing Agreements have not been agreed or are not in place
- Be confident that you are being advised by an experienced, approachable, and adaptable team
- Helps you to demonstrate to parents that your school promotes a data safe culture
- Our bundled services encompass all of your data protection needs as an organisation, providing you with support, guidance and the tools to deliver compliance
- We have services which ensures all of your needs are covered, using just one company.
1. Can you tell me more about your CPD Training?
We know that the ICO are focusing heavily on training and awareness when auditing schools and determining if they are complying to the legislation.
The ICO requires schools to ensure they have a needs based training programme developed, ensuring that each member of staff understands the role they play in ensuring data is kept safe.
Specialist training should be provided to those that are fulfilling the role of: the data protection officer, data protection manager, IG manager, SIRO and more.
Assessments and minimum pass rates should be adhered to, ensuring content and training is effective.
Training should be refreshed on an annual basis and evidenced.
Our training courses are accredited and relevant. We offer:
- Data Protection Officer Course (4 days)
- GDPR Foundation Course (1 day)
- GDPR Practitioner Course (2 days)
- Subject Access Requests Course or DPIA Course (1 day)
- General Staff Awareness (3 hours)
- eLearning for Schools (1 hour)
2. Will you do an audit?
Mirroring the ICO audit, our external audit enables MATs and Schools to understand where your schools are on their GDPR journeys. Our audit provides you with a detailed report on the school enabling you to target resources to areas of compliance and security.
3. What other services can you provide?
Aside from our services listed above, we can manage the entire compliance programme within a multi-academy trust or school.
We can:
- Develop Information Governance Teams
- Undertake a GAP analysis and audit
- Complete your record of processing activities
- Complete a risk analysis across the organisation
- Deliver a set of bespoke policies and procedures including;
- Data protection policy
- Privacy statements and notices
- Retention policy and schedule
- Individuals rights policy
- Subject access rights policy and template letters
- Data protection impact assessments template and policy
- Staff training policy
- Data sharing agreements
- Supplier risk assessments
- Incident and breach management policy and process
- Help with Cyber Essentials accreditation
- Deliver ISO27001 audit and services
4. What is GDPR for Schools software?
A highly secure, cloud-based tool designed to reflect existing processes and the way schools work, whilst pro-actively prompting them to meet and exceed the requirements of the new General Data Protection Regulation.
The software allows you as a school or multi academy trust to:
- Centrally manage GDPR across single or multiple schools
- Demonstrate commitment to manage data sensitively and ethically
- Build a framework to encourage a culture of privacy
- Prompt good practice surrounding data protection
- React quickly to SARs, incidents and data breaches
- Advocate and demonstrate accountability
- Manage training across your schools
- Report termly to your governors
- Internally audit your schools and identify potential issue
5. How much is your data protection package for schools?
Unlike a lot of consultancies, DPAS offers our customers a fixed yearly cost for our services. That way, the school can budget for what is required. Our yearly costs start at £1,000 per year per school.
