Free Gap Analysis with all DPO contracts purchased on a 12 month term before the 31st October 2020

The benefits of outsourcing your Data Protection Officer (DPO) duties to Bulletproof

Lower Costs

Lower Costs

Specialist compliance management for your school through cost-effective packages with a tailored approach.

Qualified Consultants

Qualified Consultants

Our team is made up of certified DPOs and GDPR practitioners experienced in working with educational settings.

Data Knowledge

Data Knowledge

Expert advice on the use of child data and parental consents for peace of mind internally and for the parents of pupils.

Staff Training

Staff Training

Our DPO service includes GDPR awareness training for all staff members via our training portal.

We chose Bulletproof as our school DPO as they had impressive knowledge of the data privacy requirements within our industry. Our consultant is always on-hand to assist with reviewing and updating our internal procedures, as well as providing quick responses to our data protection queries. Bulletproof is professional and friendly - a great extension to our team.


Bryon White  Head of Legal Services, London School of Science and Technology


Data Protection Experts for your School

Public authority schools, colleges, universities, and childcare provisions are legally required to appoint a Data Protection Officer (DPO). To manage GDPR compliance successfully, it is important to select a DPO option that is suited to the individual requirements and budget of your organisation, whilst also adhering to the regulation requirements.

Our DPOs are certified GDPR practitioners and data privacy experts. With experience working alongside educational institutions for their data protection and cyber security requirements, we are well versed at guiding schools through their compliance journey.


Legal and technical expertise

We are uniquely positioned to deliver a comprehensive data protection service through extensive technical and legal experience. Our DPOs operate within a wider cyber security team for a robust understanding of information security. We are also partnered with leading London law firm, Edwin Coe LLP, for support regarding GDPR law and practices.


Why choose our DPO for schools service?

Each of our tailored DPO packages includes additional features as standard, including a dedicated compliance portal for documentation management. Our DPO team will also provide:

  • GDPR awareness training for all staff members via our training portal
  • Liaison with the supervisory authorities and data subjects on your behalf
  • Advice on the use of children’s personal data and parental consents
  • Full data breach support for correct and swift remediation
  • Support with third-party suppliers’ contracts to cover data protection
  • Advice on the use of pupil photography and permissions
  • Documentation advice and review for your policies and procedures
  • Support with Data Protection Impact Assessments (DPIAs)
  • Risk assessment guidance
  • Advice on data flow mapping activities
  • Guidance on implementing a compliance culture
  • Dedicated compliance portal for documentation storage

Find the DPO package that best suits your educational setting

Our virtual DPO for schools packages are tailored to the setting size based on pupil numbers. We understand each establishment has its own requirements so we’re happy to tailor a solution to best serves your needs.

Contact us today to discuss your data protection requirements.

Cyber Essentials
Small SchoolMedium SchoolLarge School
Number of pupilsUp to 100 pupils101 - 300 pupilsOver 301 pupils
Number of sitesOneOneOne or multiple
Gap Analysis required?Crossed circle iconChecked circle iconChecked circle icon
DPO timeUp to 4 hours per monthUp to one day per monthCustomised to suit your requirement
Kick-off callChecked circle iconChecked circle iconChecked circle icon
Monthly progress callChecked circle iconChecked circle iconChecked circle icon
GDPR training callChecked circle iconChecked circle iconChecked circle icon
Compliance portal accessChecked circle iconChecked circle iconChecked circle icon
Notifications service*Checked circle iconChecked circle iconChecked circle icon
Annual auditCrossed circle iconCrossed circle iconChecked circle icon
Price£535 pcm (ex VAT)£895 pcm (ex VAT)£POA

Note: A GDPR Gap analysis is required for medium and large schools before the DPO service can commence. This is offered at a discounted rate for educational establishments.

*Notification service coming soon. Please speak to your Bulletproof account manager for more information.


Additional support for your DPO

Our data privacy advisor package is ideally suited for those with an internally appointed DPO but need a little extra support and guidance. Our certified GDPR practitioners can assist with advice on data breaches, data subject access requests and any other aspect of the Regulation.

Providing up to two-hours of remote support each month, this package gives you the reassurance of expert advice when you need it most. Get started from £295 per month. Get in touch via the contact form below.


Get a quote today

Let our team of qualified, experienced DPOs manage your data protection obligations

By submitting this form, I agree to the Bulletproof privacy policy.


Frequently asked questions

Is my school legally required to have a DPO?

The GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data. For most schools, this will mean a named DPO registered with the ICO is a legal requirement.

How does the ICO audit schools?

The Information Commissioner’s Office (ICO) conducted audits of GDPR compliance on almost 380 schools during 2019. They also issued penalty fines of up to £400 to many more for failure to pay their data protection fee, a basic requirement of compliance. All public authorities, schools and trusts are required to register the name of the DPO and pay their annual registration fee.

Who can be a school’s DPO?

The GDPR states that your chosen DPO must be independent and have no conflicts of interest. This makes it difficult for any member of the senior management or admin team to take on the role of a DPO as there will likely be a conflict of interest with their other duties.

You also need to ensure your DPO has enough clout within the school to influence senior management and the wider team.

Why should I outsource my DPO?

Outsourcing a Data Protection Officer is more cost-effective than an internal hire, particularly as you only pay for the time you require, (save on overheads, holiday cover etc). You will satisfy the requirements of Article 38 that state your selected DPO must be independent and suffer no conflicts of interest with the school’s operations.

You also benefit from access to a wide team of certified GDPR practitioners, data protection professionals and technical experts rather than limiting your organisation to the experience of one individual.

What skills does a DPO need?

Your DPO must have extensive knowledge and understanding of the GDPR and UK Data Protection Act 2018. They must also have an understanding of information technologies and data security. This is important as your DPO needs to advise on how to handle a data breach if it occurs and recommend processes for preventing them.

Our experts are the ones to trust when it comes to your cyber security

  • Bulletproof are CREST approved

    CREST approved

  • Bulletproof are ISO 27001 and 9001 certified

    ISO 27001 and 9001 certified

  • Bulletproof are Tigerscheme qualified testers

    Tigerscheme qualified testers

  • Bulletproof are a PCI DSS v3.2 Level 1 service provider

    PCI DSS v3.2 Level 1
    service provider

  • Bulletproof have 24/7 on-site Security Operations Centre

    24/7 on-site Security
    Operations Centre