DPO as a Service For Education
Home / DPO as a Service / Education
DPO For Nurseries, Schools, Colleges and Universities
Data Privacy Services provides skilled and experienced data protection professionals for education establishments.
- Certified DPO
- Meet Legal Requirement
- Reduce Compliance Risk
- Data Breach Support
- DSAR Support
- Flexible Contract Terms
Note – we can provide discounts for multiple education establishments e.g. a group of schools.
Role of a DPO in Education
A DPO ensures that you meet a specified legal requirement and acts as the point of contact for all data protection requirements.
A DPO’s role includes the review and on-going monitoring of compliance with the data protection legislation.
This typically means that the DPO will complete an annual audit of the organisations compliance and develop and maintain a Privacy by Design Plan.
As part of the compliance monitoring activities the DPO will review how Privacy by Design is implemented into the organisations operational processes and procedures.
This is a specific requirement under Article 25 and must be in place to be compliant.
The DPO should act as the central point of contact for any data breach that occurs within the organisation (assuming this involves personal data).
The DPO should have the experience needed to follow the legal and best practice methodology for managing incidents. They will provide advice and guidance and ensure that the correct steps are taken to minimise risk.
Note – they will also be the point of contact with the associated Information Regulator (e.g. the UK’s Information Commissioners Office).
The DPO is required to keep an up-to-date record of the processing (ROPA) of the personal data that the organisation processes as a Data Controller and Data Processor.
The ROPA is a legal requirement under Article 30.
Data Subject Access Requests (DSARs) are commonly requested by individuals (i.e. the Data Subject) when exercising their rights under data protection legislation.
The DPO must ensure that the requests are appropriately managed in accordance with the legislative requirements.
A DPO should provide training to all staff on matters of both data protection and information security awareness.
There are specific legal requirements to train staff (under both Articles 5 and 32) so the DPO must ensure that this is in place and is fit for purpose.
Article 27 of the EU and UK GDPR requires that organisations provide a geographically located representative for citizens of the EU and UK.
UK Representative
This applies when an organisation is based in one region (i.e.the EU) and they process UK citizens data.
In this case, the UK representative must have an office in the UK.
EU Representative
This applies when an organisation is based UK and they process EU citizens data.
In this case, the EU representative must have an office in the EU.
So, in the case of education establishments, this applies if you have staff or students that reside for at least part of the year inside the EU.
Note – We have offices in both the UK and EU and can support this requirement.
Other Services
Ask about our free GDPR audit
Processing of personal data within an educational setting
There are some specific requirements to consider when processing personal data within an education establishment.
Education establishments have many different software requirements, all of which need to conform with data protection.
Systems such as:
- ESS SIMS
- ESS Reading Cloud
- ESS UNIT-e
- ESS LMS
- Scholar Pack
- 2Simple
- Arbor
- Tapestry
The use of the above software will need to have the appropriate risk assessments and compliance measures in place.
All education establishments have to process sensitive (special categories) data about their staff and students etc.
Typically, this is done under safeguarding requirements but the correct legal basis for processing and other requirements need to be followed.
In terms of data protection, children under the age of 13 have to be treated differently than those aged 13 and over.
This causes significant complexity for some education establishments (e.g. Nurseries and Schools) and the way that the legal basis for the processing is obtained must be in compliance with the legislation.
There are crucial rules to follow with regards to how schools communicate and manage the legal the basis for processing in areas such as:
- Newsletters
- Media usage (e.g. images)
- Social media
- Parent / Teacher communications
- General photography in the establishment and on trips / holidays
Education establishments process personal data of a wide variety of individuals also known data subjects.
These include:
- Pupils and former pupils
- Parents and carers
- Employees and ex-employees
- Governors and trustees
- Local authority personnel
- Volunteers, visitors and applicants
There are numerous policies and procedures that must be in place in order for the establishment to be compliant.
Also, these documents must be broadly communicated, understood and implemented to demonstrate compliance.
All education establishments must be doing everything they possibly can to secure the integrity, confidentiality and availability of personal data.
This requirement is complex and must be fully assessed as to what is required for compliance.
Current Incentives
We are offering discounts of 10% for 6 month contracts paid up front of 15% for 12 month contracts paid up front
DPO Service Levels
Premium
- Dedicated DPO
- Registration of DPO with the ICO
- 16 Hours Per Month
- Free Data Protection Audit
- Free ROPA Development
- Free Data Protection Policy
- Free Information Security Policy
- Privacy by Design Monitoring
- UK & EU Representation
- Access to Customer Portal
- Data Breach Support
- DSAR Management
- Monthly DPO Meeting
- Data Protection and Security Training
- Premium Dark Web Monitoring
- Reduced Hourly Rates
Enhanced
- Dedicated DPO
- Registration of DPO with the ICO
- 6 Hours Per Month
- Free Data Protection Audit
- Free ROPA Development
- Free Data Protection Policy
- Free Information Security Policy
- Privacy by Design Monitoring
- UK & EU Representation
- Access to Customer Portal
- Data Breach Support
- DSAR Management
- Monthly DPO Meeting
- Data Protection and Security Training
- Premium Dark Web Monitoring
- Reduced Hourly Rates
Standard
- Dedicated DPO
- Registration of DPO with the ICO
- Free Data Protection Policy
- Access to Customer Portal
- Access To Data Breach Support
- Access To DSAR Management
- Standard Dark Web Monitoring
- Reduced Hourly Rates
No fixed term contract, pay by monthly subscription
Benefits of engaging an outsourced DPO
We are an affordable and cost-effective option
There are many reasons to outsource the DPO function within your establishment, e.g.
Avoiding a conflict of interest – there are legal requirements regarding the DPO and the potential for conflict of interest. That said, typically an owner, governor, head teacher, and office manager cannot perform the function of a DPO. So engaging a DPO from Data Privacy Services removes this as an issue.
It’s rarely a full-time role – the DPO role isn’t often required to be a full time role within most education establishments. Outsourcing to us enables you to engage a part-time DPO on a flexible working arrangement.
The DPO has to be qualified and experienced – this is a challenging requirement for most organisations to fulfill. Employing an experienced certified DPO will put a significant additional cost to your operating overheads. Engaging one of our DPO resources is far more affordable and cost-effective.
You can call on additional resources – Data Privacy Services has a number of DPOs and also additional professional consultants who specialise in other areas such as information and cyber security.
We also provide you with additional services – these include training courses, online portal and Dark Web monitoring services. You will also be able to access some of our information and cyber security solutions to ensure that you can protect your personal data.
Our Certifications
