Veritau

Information Governance Services for schools

Data Protection and Preparing for GDPR

The General Data Protection Regulations (GDPR) come into force from 25 May 2018 and will result in significant changes to the rules on data protection. The rules include the possibility of significant fines for organisations which fail to protect personal data. All organisations therefore need to review their arrangements for processing personal data to ensure compliance. Is your school ready?

Preparing for GDPR: Training for senior managers and governors
A single 90-minute training session will cover the key elements of the new legislation.
Topics to be covered include:
  • Data Protection Bill
  • Data processing contracts
  • Data breaches and self-reporting
  • Data Protection Officer – legal obligations
  • Subject Access Requests – reduced time requirement
  • Revised guidance on consent
  • Pupils and parents – capacity and age
  • Privacy by design and DP Impact Assessment
  • Rights of portability, rectification and erasure
  • Role of Data Protection Officer
Cost:
£30 per person per session or
£350 per session (up to 20 persons)

Review of preparedness for GDPR
The GDPR will come into force in May 2018 and Veritau can assist schools in preparing for it in two ways:
  • Full audit visit (3 days)
  • Workshop / focus group meeting with senior managers / governors (1 day)
Areas which will be examined include:
  • Information asset register (IAR): the comprehensive record of information held by the organisation. The IAR is the essential building block for effective information governance.
  • Data processing contracts: a school’s data processors will have increased responsibilities and so the standard contract terms must be revised. The IAR is the way to locate contracts which may require re-negotiation.
  • Privacy or Fair Processing Notices: the mandatory statement describing how personal data will be processed, including sources and recipients.
  • Subject Access Request procedure: personal data must be sufficiently accessible to allow easy retrieval and redaction within the new reduced time allowance of one month. Procedures must provide for validating the request and preparing material for disclosure.
  • Data Protection Officer: all maintained schools are public authorities and must therefore appoint a data protection officer who is qualified, independent and properly resourced.
You will receive a report identifying any gaps in your arrangements and a suggested action plan.
Cost:
Full audit visit - £750
Workshop / focus group meeting - £350

Data Protection / Information Governance Annual Support Contract
The annual service will include:
  • Advice (unlimited telephone advice on data protection / information governance matters)
  • Regular newsletters and access to a dedicated website for guidance and information
  • Provision of standard templates (policies, privacy notices, information asset registers etc)
  • Data Protection Officer (including all mandatory duties plus annual report to governors)
  • Correspondence and liaison with the ICO
  • Training (two free places on training courses each year)
  • Subject access and Freedom of Information Act requests (up to 10 hours of support each year to respond to requests)
  • Information Asset Register maintenance / records management (up to 10 hours of support each year to help maintain registers)
Annual cost (based on size of school / federation / trust):
< 50 pupils - £400
50 – 99 pupils - £600
100 – 499 pupils - £900
500 – 1,000 pupils - £1,200
> 1,000 pupils - £1,800