GDPR Data Protection Officer for Schools

Securing GDPR compliance

GDPR, the General Data Protection Regulation comes into force on 25th May 2018. It is a requirement of the regulation that all Public Authorities appoint a Data Protection Officer (DPO). Under the Freedom of Information Act, (Section 3 (1) (a) (i) Schedule 1) state schools are considered Public Authorities. 

The Role of the DPO

The Data Protection Officer’s role is to: 


  • Inform
  • Advise
  • Monitor
  • Audit
  • Train
  • Represent

They may be a member of staff who is suitably free from conflict, which normally rules out the headteacher, network manager, school business manager and has sufficient time, particularly in event of an alleged breach, and proportionate expertise to carry out the role. 

Schools and academy Trusts can also collaborate to enable a senior person in one organisation to act as the DPO to another. 

The Data Protection Officer is expected to report directly to the highest level in the organisation (governing board) in data protection matters. 

Governors' Gateway DPO Service

While the school remains the Data Controller and has ultimate responsibility for compliance with all Data Protection requirements, our GDPR Data Protection Officer for schools service will help schools and academies to ensure: 

They comply with all relevant privacy related legislation

Staff and governors are fully informed of their own responsibilities 

They inform parents, students, employees and others about the data they hold, in line with the expectations outlined by GDPR

They have effective systems and records in place to ensure that data is lawfully processed and suitably protected 

They deal with requests for information professionally and promptly

Our service includes the following, tailored to the needs of the school, academy or academy Trust:


· Support with Policy Development 

· Assist with data mapping 

· Advise on data sharing

· Provide support in the event of a breach 

· Monitor compliance 

· Provide training for staff 

· Support with Subject Access Requests 

· Support implementation of Data Protection by Design


£375 per day

Other than where there are significant shortcomings in practice, a large number or complexity of requests for information, or complex alleged breaches, we would not expect a school to require more than 2 or 3 days support per year and in many cases less.

Purchase your first day of support now to engage our services for the year.