DATA PROTECTION SERVICES FOR MULTI-ACADEMY TRUSTS

DATA PROTECTION OFFICER SERVICES

Implemented on 25 May 2018, the GDPR was a complete data protection game changer for every organisation. The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation.

It has bought new demands and challenges that can impact school resources and ultimately finances. The GDPR increases the responsibility schools have to inform parents and learners about how their data is being used and by whom.

Schools and MATs have more responsibility under the new legislation and must be able to demonstrate that they are complying.

DPAS works with councils, schools and MATs to help with their GDPR journey, but to also support them in an ongoing manner via our outsourced DPO services and more.

multi academy

why DPAS

experience icon

INDUSTRY EXPERIENCE

We have been providing services to schools and multi academy trusts since the GDPR was introduced.

support icon

EXPERT SUPPORT

We have qualified lawyers, GDPR practitioners, information security experts, qualified trainers and business analysts ready to support your schools.

client icon

PEACE OF MIND

By outsourcing this service ensures that you are confident that no stone will be left unturned.

working internationally icon

HERE WHEN YOU NEED US

We have a dedicated ticketing system and phone line for our services, call us whenever you need us.

  • Named Data Protection Officer
  • GDPR for Schools software to support your schools ongoing compliance
  • CPD accredited training for staff, nationwide
  • Suite of policies designed for schools
  • Yearly audit (mirroring the ICO audit)
  • Posters, resources, videos, support & advice
  • Support and guidance for Cyber Essentials Accreditation if required

Your DPAS Data Protection Officer

One of the biggest changes introduced under GDPR is that schools must now have a Data Protection Officer.  DPOs assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority. The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.

Most schools do not have that internal member of staff to take on the Data Protection Officer role that has the experience that the GDPR requires.  Therefore, outsourcing your DPO is a cost-effective option for schools, allowing you to meet the regulatory requirements. 

Our DPO will work closely with your school’s Data Champions, ensuring that Data Protection processes are in place and compliance levels are maintained. 

Our outsourced Data Protection Officer will support your school in the following way: 

  • Provides a yearly audit report to the Governors
  • Registered with the ICO
  • Liaises with the School’s Data Champion
  • Supports your school in the event of an ICO audit
  • Provides Independent advice when required 
  • Can provide subject matter expertise on DPIAs
  • Can assist with Data Breaches or near misses

GDPR for Schools Software

A highly secure, cloud-based tool designed to reflect existing processes and the way schools work, whilst pro-actively prompting them to meet and exceed the requirements of the new General Data Protection Regulation.

The software allows you as a school or MAT to:

  • Centrally manage GDPR across your school
  • Demonstrate commitment to manage data sensitively and ethically
  • Build a framework to encourage a culture of privacy
  • Prompt good practice surrounding data protection
  • React quickly to SARs, incidents and data breaches
  • Advocate and demonstrate accountability
  • Manage training across your school
  • Report termly to your governors
  • Internally audit your schools and identify potential issues
  •  
  • Having an outsourced DPO ensures you are complying to the requirements set out in the GDPR regarding a Data Protection Officer
  • Access tools, templates, resources which would take months to create
  • Saves time for the organisation by using external sources
  • We can highlight gaps in compliance, i.e. where Data Processing Agreements have not been agreed or are not in place
  • Be confident that you are being advised by an experienced, approachable and adaptable team
  • Helps you to demonstrate to parents that your school promotes a data safe culture
  • Our bundled services encompass all of your data protection needs as an organisation, providing you with support, guidance and the tools to deliver compliance
  • We have services which ensures all of your needs are covered, using just one company.

1. Can you tell me more about your CPD Training?

We know that the ICO are focusing heavily on training and awareness when auditing schools and determining if they are complying to the legislation.

The ICO requires schools to ensure they have a needs based training programme developed, ensuring that each member of staff understands the role they play in ensuring data is kept safe.

Specialist training should be provided to those that are fulfilling the role of the data protection officer, data protection manager, IG manager, SIRO and more.

Assessments and minimum pass rates should be adhered to, ensuring content and training is effective.

Training should be refreshed on an annual basis and evidenced.

Our training courses are accredited and relevant, we offer:

  • Data Protection Officer Course (4 days)
  • GDPR Foundation Course (1 day)
  • GDPR Practitioner Course (2 days)
  • Subject Access Requests Course or DPIA Course (1 day)
  • General Staff Awareness (3 hours)
  • eLearning for Schools (1 hour)

2. Will you do an audit?

Mirroring the ICO audit, our external audit enables MATs and Schools to understand where your schools are on their GDPR journeys. Our audit provides you with a detailed report on the school enabling you to target resources to areas of compliance and security.

3. What other services can you provide?

Aside from our services listed above, we can manage the entire compliance programme within a multi-academy trust or school.

We can:

  • Develop Information Governance Teams
  • Complete a GAP analysis and audit
  • Complete your record of processing activities
  • Complete a risk analysis across the organisation
  • Deliver a set of bespoke policies and procedures including;
  • Data protection policy
  • Privacy statements and notices
  • Retention policy and schedule
  • Individuals rights policy
  • Subject access rights policy and template letters
  • Data protection impact assessments template and policy
  • Staff training policy
  • Data sharing agreements
  • Supplier risk assessments
  • Incident and breach management policy and process
  • Help with Cyber Essentials accreditation
  • Deliver ISO27001 audit and services

4. What is GDPR for Schools software?

 A highly secure, cloud-based tool designed to reflect existing processes and the way schools work, whilst pro-actively prompting them to meet and exceed the requirements of the new General Data Protection Regulation.

The software allows you as a school or multi academy trust to:

  • Centrally manage GDPR across single or multiple schools
  • Demonstrate commitment to manage data sensitively and ethically
  • Build a framework to encourage a culture of privacy
  • Prompt good practice surrounding data protection
  • React quickly to SARs, incidents and data breaches
  • Advocate and demonstrate accountability
  • Manage training across your schools
  • Report termly to your governors
  • Internally audit your schools and identify potential issue

5. How much is your data protection package for schools?

Unlike a lot of consultancies, DPAS offers our customers a fixed yearly cost for our services. That way, the school can budget for what is required. Our yearly costs start at £1,000 per year per school.