​The GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body.


DPOs assist you to monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority.The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level.​


Most schools do not have that internal member of staff to take on the Data Protection Officer role who has the experience that the GDPR requires. Therefore, outsourcing your DPO is a cost effective option for schools, allowing you to meet the regulatory requirements. ​


Our DPO will work closely with your MATs data protection manager ensuring that data protection processes are in place and compliance levels are maintained.


A highly secure, cloud-based tool designed to reflect existing processes and the way schools work, whilst pro-actively prompting them to meet and exceed the new General Data Protection Regulations.​


The software allows you as a MAT to:


  • Centrally manage GDPR across single or mutiple schools
  • Demonstrate commitment to manage data sensitively and ethically

  • Build a framework to encourage a culture of privacy

  • Prompt good practice surrounding data protection

  • React quickily to SARs, incidents and data breaches

  • Advocate and demonstrate accountability

  • Manage training across your schools

  • Report termly to your governors

  • Internally audit your schools and identify potential issues


Mirroring the ICO audit, our external audit enables MATs to understand where your schools are on their GDPR journeys.

Our audit provides you with a detailed report on each school enabling you to target resources to areas of compliance and security.


Our audit focuses on the following areas:

  • Governance and accountability
  • Training and awareness

  • Records management

  • Security of personal data

  • Subject access and individiual rights

  • Data Sharing

  • Information Risk Assessments (DPIA)

  • Freedom of Information (FOI)


We know that the ICO are focusing heavily on training and awareness when auditing schools and determining if they are complying to the legislation.


The ICO requires schools to ensure they have a needs based training programme developed, ensuring that each member of staff understands the role they play in ensuring data is kept safe.


Specialist training should be provided to those that are fulfilling the role of the data protection officer, data protection manager, IG manager, SIRO and more.


Assessments and minimum pass rates should be adhered to, ensuring content and training is effective.

Training should be refreshed on an annual basis and evidenced.


Our training courses are accredited and relevant, we offer:


  • Data Protection Officer Course (4 days)
  • GDPR Foundation Course (1 day)

  • GDPR Practitioner Course (2 days)

  • Subject Access Requests Course or DPIA Course (1 day)

  • General Staff Awareness (3 hours)

  • eLearning for Schools (1 hour)


Implemented on 25 May 2018, the GDPR was a complete data protection game changer for every organisation. The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation.


It has bought new demands and challenges that can impact school resources and ultimately finances. The GDPR increases the responsibility schools have to inform parents and learners about how their data is being used and by whom.


Schools and MATs have more responsibility under the new legislation and must be able to demonstrate that they are complying.


DPAS works with councils, schools and MATs to help with their GDPR journey, but to also support them in a ongoing manner via our outsourced DPO services and more.


DPAS is not your average compliance company, driven simply by numbers and red-tape.

We care about the organisations we work with, and the data that they hold on pupils and employees. It is important to us that the services and products we provide are useful, accurate and clear.


We have partnered with a number of suppliers enabling us to offer bundled data protection services to schools, MATs and councils. Our bundled services encompass all of your data protection needs as an organisation, providing you with support, guidance and the tools to deliver compliance.


Our services include:


  • Named Data Protection Officer.
  • GDPR for Schools software to support your schools ongoing compliance.

  • CPD accredited training for staff, nationwide.

  • Suite of policies designed for schools.

  • Yearly audit (mirroring the ICO audit).

  • Posters, resources, videos, support & advice.

  • Support and guidance for Cyber Essentials Accreditation if required.

Aside from our services listed above, we can manage the entire compliance programme within a multi-academy trust.


We can:

  • Develop Information Governance Teams
  • Complete a GAP analysis and audit

  • Complete your record of processing activities

  • Complete a risk analysis across the organisation

  • Deliver a set of bespoke policies and procedures including;

    • Data protection policy

    • Privacy statements and notices

    • Retention policy and schedule

    • Individuals rights policy

    • Subject access rights policy and template letters

    • Data protection impact assessments template and policy

    • Staff training policy

    • Data sharing agreements

    • Supplier risk assessments

    • Incident and breach management policy and process

  • Help with Cyber Essentials accreditation

  • Deliver ISO27001 audit and services


As a trust you can pick and choose from any of our services listed.


Contact us and find out how our Data Protection services can benefit your company.

Before filling in the form please ensure you have read and understood our privacy notice.


10 Oaktree Place, Marsh Barton, Exeter,

Devon EX2 8WA

01392 914019

  • Black LinkedIn Icon
  • Black Facebook Icon
  • Black Twitter Icon

©2019 Data Privacy Advisory Service Ltd. ALL RIGHTS RESERVED


01392 914019

 Privacy Notice

Please note all information on this website is for your help and guidance. It should not be regarded as an authoritative

or definitive statement of the law.