GDPR Support for Higher Education

The UK has more than 2.3 million students in higher education across 167 institutions meaning on average each institution has more than 13,000 students. Unlike trusts and schools, Higher Education Institutions are much more engaged with individuals and businesses outside. A large amount of personal data may be collected for the purposes of research projects.
This can create issues because the data collection and management may not be under the same control as the organisation would be managing information about staff and students.

Data Intensive Organisations

Higher Education institutions share a number of characteristics with colleges, schools and trusts. They hold a great deal of personal data about staff and students including a wide range of special category data. One major difference is the expectation that a university will engage with both other academic institutions (at home and abroad) and with organisations in business and industry.

Data lies at the heart of these interactions and prior to publication much of it is not anonymous. Compared to other settings then members of staff may have large stores of personal data that that the organisation is only aware of at a generic level. The requirement for individual members of staff to understand their responsibilities and manage this personal data appropriately is central to compliance. To fully map it’s use of personal data, a university will have to have registration data for every project running that uses such data creating a very large number of purposes of processing.

GDPR Sentry can support the most complex data protection regimes. The Sentry Compliance management system can be built in a modular fashion to match your organisation and our consultants understand the multilayered ways that personal data is used in Higher Education.

The Sentry System

Cloud Based Compliance Management

Scalable to Any Size

The Sentry System is the compliance hub for Higher Education. It’s a modular system than can build up to match

The Sentry System has been designed with 4 different access levels to enable the task of recording and managing compliance. Whether you build by department or by campus you can organise the operation of the system to match your procedures.

Although the system has built in process mapping templates, you can add any number of customised processes to cover the use of personal data in all contexts across the organisation.

The Sentry system is packed with features to make managing compliance easier and has been designed based on the needs of practicing data protection officers.

What it includes

  • Breach Management
  • SAR management
  • Data Mapping and Suppliers
  • DPIA
  • Staff Training
  • Global Administrator Role
  • Users contained to one site by default
  • Trust level operational and compliance dashboards

DPO & Helpdesk Services

Expertise on call

The right sort of help

When you’re focused on obtaining data it’s essential that you protect it appropriately and inform the data subjects of how that protection is being delivered. Working with schools and trusts we see examples where the requirements are not  followed and have recommend that data is not shared.

We are therefore in a strong position to advise on the construction and management of data sharing agreements. These also need to be considered when data is being passed between institutions.

With a large of individuals processing distinct data sets it’s also hard to keep track of subject access requests and breaches. We can provide a helpdesk that can be directly accessed by members of staff while keeping you informed of the issues that arise.

Service Models

  • Outsourced DPO: We provide full support including annual audits, 24/7 incident support, documentation and procedures.
  • DPO Support: Support for nominated members of your team for any data protection issues, working days or 24/7 options available
  • DPO Helpdesk: Incident based support for when you need additional expertise

Auditing Services

Keeping Track

More than box ticking

You’re dealing with compliance for the who institution and a good deal of work is going into reaching the new standards. The next question is how well are you doing on that journey? Auditing is one method to get answers to this question, but not all audits are the same.

We specialise in being able to evaluate whether processes and procedures are being followed in addition to whether they are in place. Being independent we can ask searching questions without disrupting critical working relationships.

The nature and scope of an audit programme would be agreed with you upfront with results coming back in a report format along with critical actions and recommendations.

Service Models

  • Surveillance Programme: Structured visits with a set agenda
  • Due Diligence: A detailed programme covering process and practice including readiness assessment
  • Investigation: Where there has been a significant breach or concerns have been raised and end to end review of the procedure

Training Courses

Building Your Expertise

Relevant Content

Everyone working for the college needs to have had some basic data protection training. For those people holding significant stores of personal data an additional level of training is recommended. This needs to include a broader understanding of the definition of personal data and the much tougher standards for information to be considered anonymous.

The size of most organisations means that a group of individuals should have comprehensive training to be able to serve as front-line advisers in addition to the data protection officer.

We have experience in both data protection and the communication of the requirements to individuals.

Delivery Options

  • On-site Delivery: We bring the training to you. It often the only way to be able to get all the people together who need to be trained
  • Off-site Delivery: We are happy to arrange a suitable venue to meet your requirements

Coming Soon

  • Our own training centre
  • Online delivery

Project Support

Help When You Need It

Clearly Defined Tasks

In and among the day to day tasks of managing GDPR compliance there some that can take a huge amount of resource. If your trust is expanding then you’ll need a programme of work to move the new member onto your compliance programme. Where there is a major system development you need to undertake a data protection impact assessment, or you may be trying to figure out how to reduce the frequency of breaches.

We can provide expert support for these type of projects. People who have experience in education, in data protection and in school systems.  We’ll scope a project out and then agree a schedule for delivery.

Types of Project

  • Data Protection Impact Assessments
  • Complaints & Investigations
  • ICO Inspection Preparations

What Our Customer’s Say

Havant and South Downs College have around 7,500 students across two campuses. Students range from 14-16 years old through to adult learners and include those taking Further and Higher Education qualifications.

With strong centralisation of the data protection function, HSDC have taken advantage of the modular nature of the Sentry System to manage essential functions at the campus level.

The Sentry System forms an essential component for HSDC to demonstrate compliance.

Havant & South Downs College

Download Sentry Brochure for Higher Education

Contact Us