Skip to main content
Facilities

Property and Facilities Management

people

Professional Support Services

education

Education and skills

.
Right Arrow

All Services

Preparing for GDPR

veritau logo

Information Governance Services for schools: Data Protection and Preparing for GDPR

The General Data Protection Regulations (GDPR) come into force from 25 May 2018 and will result in significant changes to the rules on data protection.The rules include the possibility of significant fines for organisations which fail to protect personal data. All organisations therefore need to review their arrangements for processing personal data to ensure compliance. Is your school ready?

 

A single 90-minute training session will cover the key elements of the new legislation. 

Topics to be covered include:

  • Data Protection Bill
  • Data processing contracts
  • Data breaches and self-reporting
  • Data Protection Officer – legal obligations
  • Subject Access Requests – reduced time requirement
  • Revised guidance on consent
  • Pupils and parents – capacity and age
  • Privacy by design and DP Impact Assessment
  • Rights of portability, rectification and erasure

 

 

We can help your school with the provision of a:

  • Full audit visit (3 days) OR
  • Workshop / focus group meeting with senior managers / governors (1 day)

Areas which will be examined include:
 
Information asset register (IAR): the comprehensive record of information held by the organisation. The IAR is the essential building block for effective information governance.
 
Data processing contracts: a school’s data processors will have increased responsibilities and so the standard contract terms must be revised. The IAR is the way to locate contracts which may require re-negotiation
 
Privacy or Fair Processing Notices: the mandatory statement describing how personal data will be processed, including sources and recipients
 
Subject Access Request procedure: personal data must be sufficiently accessible to allow easy retrieval and redaction within the new reduced time allowance of one month. Procedures must provide for validating the request and preparing material for disclosure.
 
Data Protection Officer: all maintained schools are public authorities and must therefore appoint a data protection officer who is qualified, independent and properly resourced
 
You will receive a report identifying any gaps in your arrangements and a suggested action plan.
 
 

An annual contract that ensures that you are fully supported for Data protection regulations and have access to experts throughout the year when these are needed. Provided is a vast range of knowledge articles and resources to access any time online so there is always a guide available.

The annual support contract will include:

  • Telephone advice -  8.30am to 4.30pm Monday to Friday
  • Regular newsletters and access to online guidance and knowledge base
  • Provision of standard templates (for e.g. policies, privacy notices, information asset registers)
  • Data Protection Officer (including all mandatory duties plus annual report to governors)
  • Correspondence and liaison with the ICO
  • Two free training places on GDPR training courses per year
  • Up to ten hours of subject access and Freedom of Information Act requests
  • Up to ten hours of Information Asset Register maintenance / records management 

 

 

A single 90-minute training session will cover the key elements of the new legislation. 

Topics to be covered include:

  • Data Protection Bill
  • Data processing contracts
  • Data breaches and self-reporting
  • Data Protection Officer – legal obligations
  • Subject Access Requests – reduced time requirement
  • Revised guidance on consent
  • Pupils and parents – capacity and age
  • Privacy by design and DP Impact Assessment
  • Rights of portability, rectification and erasure

 

 

We can help your school with the provision of a:

  • Full audit visit (3 days) OR
  • Workshop / focus group meeting with senior managers / governors (1 day)

Areas which will be examined include:
 
Information asset register (IAR): the comprehensive record of information held by the organisation. The IAR is the essential building block for effective information governance.
 
Data processing contracts: a school’s data processors will have increased responsibilities and so the standard contract terms must be revised. The IAR is the way to locate contracts which may require re-negotiation
 
Privacy or Fair Processing Notices: the mandatory statement describing how personal data will be processed, including sources and recipients
 
Subject Access Request procedure: personal data must be sufficiently accessible to allow easy retrieval and redaction within the new reduced time allowance of one month. Procedures must provide for validating the request and preparing material for disclosure.
 
Data Protection Officer: all maintained schools are public authorities and must therefore appoint a data protection officer who is qualified, independent and properly resourced
 
You will receive a report identifying any gaps in your arrangements and a suggested action plan.
 
 

An annual contract that ensures that you are fully supported for Data protection regulations and have access to experts throughout the year when these are needed. Provided is a vast range of knowledge articles and resources to access any time online so there is always a guide available.

The annual support contract will include:

  • Telephone advice -  8.30am to 4.30pm Monday to Friday
  • Regular newsletters and access to online guidance and knowledge base
  • Provision of standard templates (for e.g. policies, privacy notices, information asset registers)
  • Data Protection Officer (including all mandatory duties plus annual report to governors)
  • Correspondence and liaison with the ICO
  • Two free training places on GDPR training courses per year
  • Up to ten hours of subject access and Freedom of Information Act requests
  • Up to ten hours of Information Asset Register maintenance / records management 

 

 

Interested in Preparing for GDPR?

Let us know your details and one of our Relationship Managers will be in touch with some more information: nyes@northyorks.gov.uk