The benefits of outsourcing your Data Protection Officer (DPO) duties to Bulletproof
Specialist compliance management for your school through cost-effective packages with a tailored approach.
Our team is made up of certified DPOs and GDPR practitioners experienced in working with educational settings.
Expert advice on the use of child data and parental consents for peace of mind internally and for the parents of pupils.
Our DPO service includes GDPR awareness training for all staff members via our training portal.
Here’s what our customers say about us
We chose Bulletproof as our school DPO as they had impressive knowledge of the data privacy requirements within our industry. Our consultant is always on-hand to assist with reviewing and updating our internal procedures, as well as providing quick responses to our data protection queries. Bulletproof is professional and friendly - a great extension to our team.
Data Protection Experts for your School
Public authority schools, colleges, universities, and childcare provisions are legally required to appoint a Data Protection Officer (DPO). To manage GDPR compliance successfully, it is important to select a DPO option that is suited to the individual requirements and budget of your organisation, whilst also adhering to the regulation requirements.
Our DPOs are certified GDPR practitioners and data privacy experts. With experience working alongside educational institutions for their data protection and cyber security requirements, we are well versed at guiding schools through their compliance journey.
Legal and technical expertise
We are uniquely positioned to deliver a comprehensive data protection service through extensive technical and legal experience. Our DPOs operate within a wider cyber security team for a robust understanding of information security. We are also partnered with leading London law firm, Edwin Coe LLP, for support regarding GDPR law and practices.View Our Packages
Why choose our DPO for schools service?
Each of our tailored DPO packages includes additional features as standard, including a dedicated compliance portal for documentation management. Our DPO team will also provide:
- GDPR awareness training for all staff members via our training portal
- Liaison with the supervisory authorities and data subjects on your behalf
- Advice on the use of children’s personal data and parental consents
- Full data breach support for correct and swift remediation
- Support with third-party suppliers’ contracts to cover data protection
- Advice on the use of pupil photography and permissions
- Documentation advice and review for your policies and procedures
- Support with Data Protection Impact Assessments (DPIAs)
- Risk assessment guidance
- Advice on data flow mapping activities
- Guidance on implementing a compliance culture
- Dedicated compliance portal for documentation storage
Find the DPO package that best suits your educational setting
Our virtual DPO for schools packages are tailored to the setting size based on pupil numbers. We understand each establishment has its own requirements so we’re happy to tailor a solution to best serves your needs.
Contact us today to discuss your data protection requirements.
|Small School||Medium School||Large School|
|Number of pupils||Up to 100 pupils||101 – 300 pupils||Over 301 pupils|
|Number of sites||One||One||One or multiple|
|Gap Analysis required?|
|DPO time||Up to 4 hours per month||Up to one day per month||Customised to suit your requirement|
|Monthly progress call|
|GDPR training call|
|Compliance portal access|
|Price||£535 pcm (ex VAT)||£895 pcm (ex VAT)||£POA|
Note: A GDPR Gap analysis is required for medium and large schools before the DPO service can commence. This is offered at a discounted rate for educational establishments.
*Notification service coming soon. Please speak to your Bulletproof account manager for more information.Get a quote
Additional support for your DPO
Our data privacy advisor package is ideally suited for those with an internally appointed DPO but need a little extra support and guidance. Our certified GDPR practitioners can assist with advice on data breaches, data subject access requests and any other aspect of the Regulation.
Providing up to two-hours of remote support each month, this package gives you the reassurance of expert advice when you need it most. Get started from £295 per month. Get in touch via the contact form below.
Get a quote today
Let our team of qualified, experienced DPOs manage your data protection obligations
Frequently asked questions
Is my school legally required to have a DPO?
The GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data. For most schools, this will mean a named DPO registered with the ICO is a legal requirement.
How does the ICO audit schools?
The Information Commissioner’s Office (ICO) conducted audits of GDPR compliance on almost 380 schools during 2019. They also issued penalty fines of up to £400 to many more for failure to pay their data protection fee, a basic requirement of compliance. All public authorities, schools and trusts are required to register the name of the DPO and pay their annual registration fee.
Who can be a school’s DPO?
The GDPR states that your chosen DPO must be independent and have no conflicts of interest. This makes it difficult for any member of the senior management or admin team to take on the role of a DPO as there will likely be a conflict of interest with their other duties.
You also need to ensure your DPO has enough clout within the school to influence senior management and the wider team.
Why should I outsource my DPO?
Outsourcing a Data Protection Officer is more cost-effective than an internal hire, particularly as you only pay for the time you require, (save on overheads, holiday cover etc). You will satisfy the requirements of Article 38 that state your selected DPO must be independent and suffer no conflicts of interest with the school’s operations.
You also benefit from access to a wide team of certified GDPR practitioners, data protection professionals and technical experts rather than limiting your organisation to the experience of one individual.
What skills does a DPO need?
Your DPO must have extensive knowledge and understanding of the GDPR and UK Data Protection Act 2018. They must also have an understanding of information technologies and data security. This is important as your DPO needs to advise on how to handle a data breach if it occurs and recommend processes for preventing them.