top of page
Boy in Art Class

GDPR Service

As part of their statutory duties and obligations as Data Controllers and public authorities, schools are required to designate a Data Protection Officer (DPO) in order to comply with the GDPR and the DPA 2018.


A school may designate an internal DPO from existing staff, or designate an external DPO to act for a group of schools. The DPO is responsible for managing compliance with the school’s Data Protection Policy.


The BSP offers an overarching Data Protection service to help schools fulfil their duties and obligations as Data Controller.


A key part of this service is the designation of a named Data Protection Officer (DPO) for the school who is:

  • the notified individual to the Information Commissioners Office (ICO) and published within a public register;

  • the named individual for direct contact by Data Subjects

  • the main contact with the ICO to support communications regarding all complaints and breaches

The GDPR Service also includes:

Year-round DPO Service to support schools in their statutory requirements in relation to data management.

Year-round professional advice via email and telephone for school Data Protection Leads (DPLs) in managing any data issues.

Unlimited advice and support where Data Protection compliance is at risk.

Investigations in relation to data management complaints and incidents including correspondence with schools and the ICO.

Advice on Data Protection Impact Assessments (DPIA) for new projects.

Annual Compliance review – one day equivalent.

Access to bespoke support from the DPO to maintain compliance – half day equivalent.

Termly GDPR briefings and networking opportunities for key school staff.

Termly GDPR Information Governance updates to schools.

Access to a suite of compliant model documents and up to date examples of compliance issues (policies, procedures, forms, privacy notices).

bottom of page