Data Protection Support
The General Data Protection Regulation (GDPR) requires schools to appoint a Data Protection Officer (DPO). The DPO must have expert knowledge of data protection law and practice which includes in-depth understanding of the GDPR.
The DPO has a number of core functions which include:
- informing and advising the school, its teachers and other employees about their obligations to comply with GDPR and other data protection laws;
- monitoring compliance with GDPR and other data protection laws including managing internal data protection activities, advise on Data Protection Impact Assessments, train staff and conduct internal audits; and
- acting as the first point of contact for people whose data are processed by the school and for the Information Commissioner’s Office.
Burnetts provides a data protection officer support service to schools, which is available either on its own or as part of a general legal services retainer.
Data Protection Officer Support Service
Our team of data protection and freedom of information specialists includes two partners, a solicitor and a trainee solicitor. They provide our schoolclients with data protection advice to support to the data protection officer. The support package is customised to meet the needs of each school but would typically include:
- Ad hoc advice on data protection matters (such as subject access requests) and other GDPR-related enquiries;
- review/updating of policies and privacy notices as required; and
- preparation of DPO report and attendance at governors’ meetings if required.
Additional support would include advising on data protection impact assessments and the provision of training to staff and governors as required.
Pricing structures are flexible according to your needs. An example service would comprise:
- an annual payment covering all the matters in the bullet-point list above, including ad hoc queries and initial advice of up to one hour on any new matter by telephone, email or face to face. There would be no limit on the number of matters that could be referred. Once one hour of advice has been given on any particular issue, additional time would be charged at preferential hourly rates;
- discounted fixed fee training sessions; and
- out of hours support where required (eg a breach notification), provided at an hourly / day rate.