Data Protection Services (GDPR)
APPOINTING A DATA PROTECTION OFFICER (DPO)
Maintained schools and academies are defined as public authorities under GDPR and therefore MUST appoint a Data Protection Officer (DPO) to ensure continued compliance. Your DPO can be a school employee or a school governor - but not the Chair of the Governing Body or Headteacher. Schools can appoint a DPO individually, share a DPO (for example if they belong to a MAT or a federation), or appoint a DPO via a service provider.
The DPO role is largely advisory and they should actively guide your school's ongoing efforts to comply with GDPR. Their main job is to raise awareness of issues around data protection within the school however, accountability for compliance remains with the school and the governing body therefore it's essential that the DPO reports to the highest management level in your school.
Article 37(5) of GDPR states "The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39"
Article 38(6) specifies that they must be able to carry out the role of the DPO while avoiding any potential conflict of interests in their other duties. Article 29 states "...the DPO cannot hold a position within the organisation that leads him or her to determine the purposes and the means of the processing of personal data. Due to the specific organisational structure in each organisation, this has to be considered case by case"
There are several significant benefits of buying into our outsourced Data Protection Officer service:
- Our expert knowledge and experience in data protection and GDPR in the education sector
- Prices start from as little as £3,550 for a year saving time, money and your school's reputation
- Testimonials from current subscribers to provide your school with the reassurance it needs
Already have a Data Protection Officer?
- How does your DPO stay up-to-date with data protection knowledge?
- Are they given opportunities to network with other DPO's from other schools to share knowledge?
- Does your DPO need support from time to time?
- How does your DPO deliver training to staff?
- How does your DPO handle subject access requests and personal data breaches?
- Do they need any additional training in this area?
- Does your school have a contingency plan if your DPO is absent for any length of time?
Contact the Data, Assessment and GDPR Team
GDPR Helpline: 01392 287317Email the team
Data and AssessmentTweets by @DataBabcockLDP
The GDPR service we have received from Babcock LDP has been extremely comprehensive. The training provided to all our staff was excellent and vital in raising their awareness of the new legislation. The DPO has provided excellent support to the College and assisted us in becoming ready for the introduction of GDPR.