DPO Service

Digital 57

Description

Do not purchase this Service if you are an Enfield Maintained School - Community, Voluntary Aided or Foundation School as this service is funded through the DSG for your schools.

Under the UK GDPR, public sector organisations must appoint an independent Data Protection Officer (DPO). To support schools, the Data Protection Service is offered to maintained Enfield schools via de-delegated budgets, providing an independent DPO function to ensure your school meets its statutory duties (UK GDPR Section 4 Article 37-39).

Scope of Services

The DPO service will inform and advise maintained Enfield schools and their employees about their obligations to comply with the UK GDPR and other data protection laws. Below are details of the areas of support that the Data Protection Service will provide.

Details

  1. Appointment of a qualified DPO in accordance with Article 37 of UK GDPR.
  2. Providing up-to-date school policy templates.

Policy

  • Article 30 Record of Processing Activities
  • Bring Your Own Device Policy
  • CCTV Policy
  • Cyber and Information Security Policy
  • Data Protection Policy
  • Freedom of Information Policy
  • Information Security Policy
  • Privacy Notice Enfield Schools
  • Safeguarding Checks on Adults Who Have Contact with Pupils
  • School Photo Image and Video Consent Form
  • School Police Disclosure Form
  • School ROPA
  • School Subject Access Policy and Procedure
  • Retention Schedule
  • Breach & Incident Response Policy
  • Child Protection & Safeguarding Policy
  • Online Safety & Filtering/Monitoring Policy
  • Records Management Policy

 

  3. Providing up-to-date register templates
       • ROPA template
       • Retention schedule
       • Breach Log (maintained centrally by DP team for the school)
  4. Providing up-to-date documents
       • Data breach reporting form
       • Data Protection Impact Assessment
       • Data Sharing Agreement
       • Data Processing Agreement
  5. Providing general advice, such as advice on privacy notices and consent forms.
  6. Advising on Data Protection Impact Assessments (DPIAs): DPIA screening, advice and oversight for new systems, tools and projects, and higher-risk processing.
  7. Acting as first point of contact for the Information Commissioner’s Office (ICO).
  8. Advice on handling Subject Access Requests (SARs) and Freedom of Information requests.
  9. Assessment of reports on data breaches, advising on risk assessment and obligation to report to the ICO.
  10. Advising on individual rights requests.
  11. Raising awareness of data protection issues and providing training and awareness sessions for staff and governors.
  12. Maintaining a data protection portal for documentation.

 

Benefits of the DPO Services

  • No need to have own in-house Data Protection Officer
  • Expert advice from an experienced data protection team offering specialist schools advice
  • Practical advice on UK GDPR and DPA 2018
  • Collaborative working with other Council services

 

3. Roles and Responsibilities

 

  • DPO Team
      - Ensure independence and impartiality of the DPO.
      - Provide expert advice and timely support.
      - Maintain confidentiality and data security.

  • Schools
      - School remains the data controller and implements decisions.
      - Provide access to necessary data and personnel.
      - Implement recommended actions and policies.
      - Ensure operational cooperation with the DPO.
      - Remain ultimately responsible for compliance.
      - Notify the DPO service early about new systems, suppliers, data sharing, and international transfers (pre-procurement and pre-go-live).

 

4. Service Levels

 

Hours of Service – 9am-5pm excluding bank holidays.

Service timescales for Schools and Data Protection Team

| Service | School requirement | DP Team Response Time |
|---|---|---|
| Information request Handling Advice (SAR, FOI) | Request advice as soon as possible after receiving the request. | Acknowledgement within 2 working days. Establish response time based on the request. |
| Breach Reporting | Immediate notification via data breach reporting form on suspected or confirmed data breach for risk assessment and ICO reporting (which should be 72 hours from knowledge of breach). | Immediate risk assessment review on receipt of data breach reporting form. Investigation timescale max within 5 working days. |
| DPIA Advice | Prior to processing activity taking place. | Response within 5 working days. |
| Training | Annual requests for training. | Provide schools annual training plan published in Winter Term each year. Training session scheduled within school term. |

 

Packages

DPO Service Package - 2025/2026

Price per pupil based on your last census
