GDPR and DPO
Of all the acronyms around, two have become a pain for most if not all schools. GDPR represents the internet moving forward for privacy and safety, and a DPO (Data Protection Officer) is a person who is there to help relieve the stress of GDPR. Koala IT realise that there has been conflicting evidence and wild pricing structures, which have confused everyone involved with collecting or processing data and with how to manage it.
Please feel free to look through our information to ease your mind and provide some extra sound advice about ways of moving into compliance. If you would like help from us or just want to know about our DPO service, then please click the link below to jump to information about what we can do for you.
Here is our free advice on GDPR
Who manages GDPR?
The Information Commissioner's Office (ICO) is the governing body in charge of GDPR in the UK. Your DPO, if you have one, will be in contact with them if there are any breaches of data that could infringe on the rights of a person whose data has been lost or stolen.
They provide great advice for everything when it comes to GDPR and therefore have some of the best resources to help you through this time.
What does it all mean?
The change in Data Protection law is to think about privacy and safety in the same way as safeguarding. It should be one of the first things you think about when handling any data, including when purchasing new products to manage it. You also need to register with the ICO as a Data Controller, with information about your designated Data Protection Officer.
The ICO want to know that you are looking after the data you hold on subjects and that you are not holding any unnecessary data.
Your DPO can provide advice when purchasing new products as well as help with Privacy Impact Assessments.
Any company that processes data for you must be able to prove its compliance, otherwise you would not be compliant yourself.
What does it mean to me?
With the ICO you can find some great checklists to help you see what you have done and what you need to do for compliance.
Every company that handles a person's information needs to become GDPR compliant. This involves:
- GDPR training for staff, in person or via an online service
- Information audit of what data you hold, where it came from and who you share it with
- Review all current policies and change in time for 25th May
- Checking procedures to cover rights to delete or provide subjects' information electronically in a common usable format
- Update procedures for how you would deal with a Subject Access Request (SAR) in the given time of 72 hours
- Identify the reason you process certain data to make sure it is necessary to keep that data
- Change consent policies to new guidelines and, if applicable, resend them to Data Subjects*
- Update procedures for reporting and investigating a data breach
- Plan Privacy Impact Assessments (PIAs) and where to use them

* A Data Subject is an individual whose data you hold (any amount of data on them)
A Data Protection Officer is there to help guide you through the process of becoming compliant
What is a DPO?
A Data Protection Officer (DPO) is a role that is designed to provide impartial advice on old and new services that process data for Data Controllers. They contact the ICO on your behalf as an independent party and are there for advice when this happens.
A good DPO should be experienced about Data Protection and ideally about IT infrastructure. An understanding of IT helps when providing information about new products used for processing data.
A DPO ROLE
- Report to highest management
- Inform and advise Controller
- Monitor ongoing compliance
- Provide advice where requested with PIAs
- Liaise with the ICO about Data Breaches
- Be available for contact if there is a Data Breach
Do I need a DPO?
Under the GDPR, you must appoint a DPO if:
- you are a public authority (except for courts acting in their judicial capacity);
- your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
- your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
If you are a school then YES, you do need a DPO. This can be daunting but you can appoint a member of your current staff to perform this role. There are a few things to consider when appointing a DPO from your staff.
- They must be given time to perform their duties
- They should be respected members who will be listened to
- They cannot have an influence over monetary decisions (conflict of interest for a DPO)
- They should know about Data Protection and IT infrastructure
What is a Data Controller?
A Data Controller is the organisation that collects personal data and decides how it will be used.
What is a Data Processor?
A Data Processor is the organisation that processes personal data on behalf of the Data Controller.
Useful links
If you want more detailed information, please check out these links to helpful information provided for free by the Information Commissioner's Office (ICO).
You can also find privacy and policy templates from the ICO and Government Website with the links below
DPO Service
DATA PROTECTION OFFICER FROM KOALA IT
More information on Becoming GDPR compliant
Basic elements of GDPR for schools to attain compliance:
1. Tracking/audit/management software
2. Legal templates and documentation
3. Training
4. Telephone support
5. Access to a Data Protection Officer (DPO)
6. Register with the ICO

1. Koala IT recommend using GDPR.co.uk online software, a cloud-based platform where all relevant GDPR data can be managed and maintained from a central database. Academies (MATs) can also get a special dashboard covering the whole trust. Information on GDPR.co.uk, including its benefits, appears later in this document. Use of this software by schools would allow Koala IT to have an overview of all schools that we support with the DPO role.
2. There is a requirement to have legal documents and templates for ongoing documentation updates. You can produce these yourself, or even adapt your older policies to be in line with the new regulations. Another option is to purchase templates from a company, but we recommend looking at the free templates provided by the ICO and GOV.uk.
3. Training for staff is an ongoing GDPR compliance procedure. GDPR.co.uk provide online training for your staff, including new members of staff as you hire them. Because the software connects to your MIS system, it automatically creates accounts for new members of staff when they start.
4. The ICO provide a telephone helpline to give you advice. It is great because they are the authority that governs GDPR for the UK. Their phone number is 0303 123 1113; select option 4 to get through to someone who can help you.
5. A reliable DPO service is essential for schools to comply with GDPR guidelines. This can be provided by a member of staff, but they must be given enough resources to deliver the role. If not, the school may become non-compliant if processes become too cumbersome for the member of staff to perform both duties. The DPO cannot be anyone who helps make decisions on finances. This is required by law, as the services need to be reviewed and the people who decide on them can be biased about their use.
6. All schools and companies have to register with the ICO. This registration includes supplying some school information and the details of your DPO.
Detailed DPO Job description
DPO JOB DESCRIPTION
A Data Protection Officer (DPO) is a role designed to be able to help schools (and businesses) become compliant with GDPR and with ongoing compliance. The DPO is there to provide advice, help with information audits and report to the Information Commissioner’s Office (ICO) about breaches and about current compliance. The DPO is not there to do the job of complying - except when contacting the ICO on behalf of the school - but is there to provide information and advice on audits and impact assessments.
The DPO’s job includes:-
- To report to/liaise with the highest level of management in school.
- To inform and advise the Data Controller (the school).
- To monitor compliance (through software like GDPR.co.uk).
- To provide advice where requested with PIAs (Privacy Impact Assessments)
- To liaise with the ICO about data breaches on behalf of the school.
KOALA IT DPO SERVICE
Koala IT’s DPOs have undergone training in GDPR compliance (although this is not a legal requirement to become a DPO) so that we can give the best advice and help you through the job of making the school compliant with GDPR. We can provide all of the functionality of the DPO role.
In addition to the above information, we will:
- Advise and help with Impact Assessments.
- Assist school staff to understand their responsibilities within the GDPR framework.
- Provide a day per year to discuss, ensure compliance, train staff and help with the Information Audit. Some companies don’t offer this help but to us it feels essential to successfully provide an adequate level of service due to our knowledge of computer systems.
Other benefits to having Koala IT provide your DPO service include:-
- Staff who understand IT and infrastructure, networking and security in schools - much personal data is held in electronic systems.
- Already familiar with current Data Protection laws (which form a large basis of the GDPR regulations and have not changed).
- Qualified, with GDPR training.
- Understanding software, hardware and the uses of these in the school environment means we can assist the school to identify areas of vulnerability.
- As a company Koala IT work with new IT software and we look into new technologies and their impact on privacy - specifically in the education sector. We prioritise the consideration of online safety, which fits with the idea of the new regulations and their impact on the school environment.
- We would plan to use GDPR.co.uk if possible within the school GDPR framework - for the Information Assets register and audit, for ongoing compliance and for online staff training (especially good for ensuring that new staff have immediate access to training). This software can also send information automatically to the ICO - for example in the case of a data breach, ensuring that the 72 hour deadline is more easily met.
PRICING:
- For a primary school (no matter the size), the annual cost for GDPR.co.uk software is £236 exc VAT. We would require some sort of GDPR software to perform the DPO task to the optimum.
- The Koala IT DPO service is £1,500 exc. VAT per annum - but £1,200 exc. VAT to schools that have an ICT support contract with us.
To summarise, if a Koala IT managed school wanted to use Koala IT as their DPO and GDPR.co.uk software to ensure compliance, the annual cost to a school for a Koala IT DPO would be:
£236 + £1200 = £1436.00 exc VAT.
If a non-Koala IT managed school wanted to use Koala IT as their DPO and GDPR.co.uk software to ensure compliance, the annual cost to a school for a Koala IT DPO would be:
£236 + £1500 = £1736.00 exc VAT.
To contact us about GDPR please use the link below
GDPR.co.uk
GDPR.co.uk is a great piece of online software that provides management for your information audits and staff training, and can even report to the ICO on behalf of you and your DPO if it is deemed necessary. They also provide a free trial, so get over there and give it a try; we think you will be impressed!
Koala IT highly recommend looking at the website GDPR.co.uk for more information regarding what they provide, but here is a summary of what they can offer.
Koala IT would provide training for your staff on how to use the software if you were to purchase it through us.