Data Protection Services

Article Image

Keeping data safe in the digital age

Under the General Data Protection Regulation (GDPR), which took effect on the 25th of May 2018, all schools are required to appoint a Data Protection Officer (DPO).


Schools also need to adhere to the Data Protection Act 2018 (DPA) which is a United Kingdom Act of Parliament.

What does a DPO do?

Enable and help the school and its staff to understand and comply with current data protection regulations, including their own school Data Protection Policy and Privacy Notices. The DPO should encourage a ‘data protection culture’, ensuring staff understand their data responsibilities. .  

The DPO is the first point of contact for all stakeholders with regard to data – highlighting and upholding the principles of data processing, data subjects’ rights, records of processing activities, security of processing, and the notification and communication of data breaches.

What is included?

  • Gloucestershire County Council will remain your school's Data Protection Officer
  • Access to a range of comprehensive data protection training, including four bespoke training sessions held at Shire Hall tailored specifically for crucial roles within the workings of your school
  • Year round query management - telephone and email support for all data protection questions and queries 8:30am to 4:30pm Monday to Friday
  • Hands-on support and an on-site visit with all complicated information requests, including Subject Access Requests, Freedom of Information Requests and Pupil Information Requests
  • Access to a wide range of data protection resources including policy templates, FAQs and our exclusive VLOG training
  • Newsletters and legal updates to brief staff on any decisions made by the ICO

The DPO will working along side the school's data protection lead, known as the Data Controller to: 

  • Educate the whole school community in relation to Data Protection
  • Serve as the point of contact between the school and Data Protection Supervisory Authorities and third parties
  • Support the school's Data Controller to monitor performance and providing advice on the impact of data protection efforts
  • Work with the school in maintaining comprehensive records of all data processing activities conducted, including the purpose of all processing activities, which must be made public on request
  • Support the Data Controller when dealing with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information
  • Support and inform policy and practice for risk and data breaches


The Service Level Agreement contains any specific terms and conditions for this service.