
DPO

Since 2017, schools, trusts and colleges have been bombarded with stories about the requirements of GDPR and the risks of failing to comply. The mass of information around the internet can seem daunting, even overwhelming, but we are here to help you on your journey to compliance.

Any school in the state sector, including local authority nursery provision, is required by law to have a data protection officer (DPO). Many schools have already met this requirement by allocating the role to an existing member of staff, often an IT manager or business manager. Others have bought in services from providers like local authorities, legal firms, IT suppliers and specialised consultants. However, it isn’t always easy.

Being a Data Protection Officer (DPO) demands a deep knowledge of data protection law and practice. It also requires that the DPO has no conflicts of interest. For most schools and trusts, having a person who can meet these requirements is extremely challenging.

The DPO is responsible for:

  • Informing the organisation on its GDPR obligations
  • Monitoring compliance
  • Being the first point of contact for employees and supervisory authorities
  • Ensuring that staff are properly trained
  • Conducting audits and supporting data protection impact assessments

GDPR compliance must integrate with the day-to-day operation of the organisation. How confident are you that you are doing everything required by the ICO?

As practising DPOs ourselves, we are here to support you.

Being appointed to this demanding role comes with a heap of confusion. Our aim is to bring you solutions to control your compliance.

That’s why we have developed the Sentry System, specifically for the education sector. Sentry allows you to manage all compliance in one place, whether it is for one school, across a trust or a multi-campus college.

To find out more about how our Sentry System can help you, click here. Or, if you require additional support, we are more than happy to help. Contact our support team here.

GDPR Sentry can help you fill the knowledge gap

The DPO, or Data Protection Officer, is a role that has been discussed at length as the GDPR has moved from concept to reality.

The DPO is responsible for:

  • Informing the organisation on its GDPR obligations
  • Monitoring that compliance
  • Being the first point of contact for employees and supervisory authorities
  • Training staff
  • Conducting audits and supporting data protection impact assessments

There are requirements about how the role fits into the organisation. It must report to the highest level (to a board member) and have access to appropriate resources. The DPO must not be at risk of dismissal or penalty for doing the job. Conflicts of interest, such as decision-making responsibility for how data is processed, are not allowed.

You can assume that all the requirements were made with large organisations in mind.

Some organisations must appoint a DPO. Public bodies like schools and organisations that process large amounts of personal data must have a DPO in place for May 25th 2018. For others there is no mandatory requirement.

The question is, should you appoint a DPO anyway?

Organisations rely on accurate, well-managed information. It makes great customer service easier and can be the basis of improved efficiency.

It may seem that the Data Protection Officer must be an IT expert but, in fact, it’s a process role. The best person to deal with the task may well sit in an Operations role or, if you have one, be the person responsible for quality management. This should avoid the conflict of interest issue, but they may still need some reassurance that they will be supported.

Thinking about compliance as a process you integrate with the day-to-day operation of the organisation, rather than as an unknown external risk, can remove the fear factor. Whether you give the title to a person or not, the tasks of the DPO can become part of business as usual.

Does your organisation need awareness training?