Let’s face it, even at the best of times being a DPO is challenge enough. Schools hold an incredible amount of truly sensitive data and often on some of society’s most vulnerable children.
What special measures have you introduced to support data protection for homeworking and remote learning?
A quick reminder of the tasks your DPO should be doing:
1) Keeping their school(s) up to date with data obligations.
2) Checking compliance with school policies and GDPR law.
3) Ensuring they (and school staff) are up to date with GDPR requirements and ensuring training is in place to maintain this.
4) Liaising with the ICO as appropriate.
5) Advising on and reporting data breaches within 72 hours.
6) Managing SARs (Subject Access Requests) within required timescales and compliantly.
Don’t forget that your DPO needs to be independent (i.e. not at risk of a conflict of interest) as well as having sufficient expertise in the subject.
A sense check of whether the DPO role is being carried out compliantly would be to review the number of data breaches recorded (and reported if appropriate). If it is zero, then that is more likely to indicate non-compliance as opposed to ‘data protection perfection’. After all, it would be almost impossible to not have any kind of minor data breach.
We see, for the 1,200 schools our Education DPO looks after, more than 100 SARs per week and averaging more than a dozen reportable data breaches each day.
The DPO is, arguably, one of the areas that schools should always consider outsourcing if they don’t gave a dedicated (independent) DPO.
To support your school / federation / SAT / MAT, we will refund 10% of the 1st year’s premium for any new customers who outsource their DPO through us.
Ask for a no obligation quote.