Information Governance for Schools

The Information Governance for Schools Service assists schools in complying with their legal responsibilities under the following pieces of legislation:

  • General Data Protection Regulation 2016
  • Data Protection Act 2018
  • Freedom of Information Act 2000
  • Environmental Information Regulations 2004

The Service includes:

  • Access to specialist professionals who can advise on the school’s implementation and compliance with data protection legislation.
  • Annual consensual health checks to test GDPR compliance.
  • The provision of expert assistance in responding to requests for information under data protection legislation and the Freedom of Information Act.
  • Model policies, reviewed and updated annually, including a Freedom of Information Policy, CCTV Policy and a Data Protection Policy which reflects the 2018 changes in data protection law.
  • Access to online training for all employees in relation to data protection and freedom of information and the provision of in-house training by the Senior IG Officer if necessary
  • Assistance in maintaining a Record of Processing Activities which is a requirement under GDPR.
  • Advice on fair processing notices, consent, data privacy impact assessments and data sharing agreements.
  • Advice in relation to Records Management.
  • Advice on Cyber Security.

The Service also includes BwD’s Senior IG Officer acting as schools Designated Data Protection Officer.

Under GDPR, it is mandatory for schools to appoint a Designated Data Protection Officer. The DPO’s minimum tasks are defined in Article 39:

  • To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
  • To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advise on data protection impact assessments; train staff and conduct internal audits.
  • To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc).

Please note the GDPR does not specify the precise credentials a Data Protection Officer is expected to have. However, it states you should have professional experience and knowledge of data protection law.

So why choose us?

Almost  20 years’ experience in dealing with Information Governance legislation and issues on a daily basis in a variety of roles.

  • Full service support, Monday to Friday, 9 am to 5pm
  • A dedicated point of contact
  • Flexible support via email, telephone and on-site visits
  • Qualified Practitioners