DataProtect™ is an all in one Data Protection Service for Schools comprising of consultancy services, policy development, staff training and advice for your school – for one annual fixed cost.
Worried about the consequences of failing to comply with GDPR and the Data Protection Regulations?
DataProtect™ from Ark, is your fully managed privacy program for a single annual cost. No hidden costs, just outsource this body of work to Ark and let us deal with Data Breaches, Subject Access Requests, Policy Updates and Staff Training.
GDPR, for most schools, can seem complex and time-consuming, which is why we have developed an all in one Data Protection Protection Service for your school.
As a competency-based profession, we have the necessary qualifications, knowledge and experience to help you address your school’s GDPR obligations all year round.
A GDPR Review will be held annually with key stakeholders including Management, Administration and Postholders to understand how the school handles personal data. Through these workshops we’ll advise solutions for each department and agree an action plan for each group.
GDPR for most schools can seem complex and time-consuming, which is why we simplify the process through a pre-agreed action plan for the school. This will allow management to delegate actions in line with our recommendations, the school’s budget and competing priorities.
Article 30 of the GDPR requires controllers and processors to maintain a record of data processing activities (RoPAs). RoPAs include process activity information, such as the purpose of processing, legal basis, consent status, cross-border transfers, DPIA status and more. Data mapping helps schools comply with GDPR by collecting and maintaining a list of data processing activities. Ark will document which systems in the school contain personal data, the purpose of the data, the school’s legal basis for processing and what security measures are in place to protect that data. i.e. student exam results, staff records, board of management minutes, SEN Records, CCTV footage etc.
Article 35 of the GDPR requires schools to carry out data protection impact assessments (DPIAs) where processing is likely to result in a high risk to individuals. Such a DPIA must consider the nature, scope, context, and purposes of the processing under the GDPR. DPIAs are mandatory for any new high-risk processing projects, i.e. CCTV Use. The DPIA process will allow you to make informed decisions about the acceptability of data protection risks and help you communicate effectively with the individuals affected.
Article 5(1)(e) of the GDPR requires schools to define and implement a Records Retention Policy for data under your control. We’ll work with key staff to define a system that ensures that this can be managed efficiently in your school.
Ark will then prepare the policies of the school in managing the day to day processing of personal data including:
Article 28 of the GDPR prescribes the provisions which must be included in a Data Processing Contract between a Controller and a Processor. Ark will ensure that the necessary Data Processing Agreements are in place with key suppliers as per the requirements of GDPR i.e., IT Contractors, Hosting Providers, Payroll Software, other service providers etc.
Any processing of personal data should be lawful, fair, and transparent. It should be clear and transparent to individuals that personal data concerning them are collected, used, consulted or otherwise processed, and to what extent the personal data are, or will be, processed. The right to be informed, under Articles 13 and 14 GDPR, is a key part of any school’s obligations to be transparent. Ark will review, prepare and update Privacy Notices for the school website, enrolment forms, application forms, email signatures, CCTV Notices etc.
Training is an ongoing legal requirement for Boards of Management and school leaders. However, a lack of sector-specific training leads to lower course engagement. Affording staff the time and headspace to carry out this necessary training is often the most difficult challenge.
The Ark Academy™ is designed to engage and educate school staff on essential topics such as GDPR. Ark specifically designed these courses for school staff, both in terms of context and content.
We then maintain the GDPR Compliance Pack and the measures taken at the school to meet these obligations. This will include a collated set of documentation prepared specifically for the school demonstrating compliance with the GDPR.
We’re available to the school to answer questions, queries or concerns regarding GDPR. Had a Data Breach? Have a Subject Access Request? Dealing with Suppliers in the UK and worried about Brexit and GDPR Compliance? Knowing that we’re available to answer these queries provides peace of mind for school management teams.
Outsourcing the day the day management of GDPR to Ark frees up time to focus on your students, staff and the wider school community.
You have cost certainty with our fixed-fee model tied to capitation, and our experience tells us you won't need more than what we offer with our DataProtect™ product.
Get true peace of mind knowing that your Privacy Program is being managed by a team of professionals who know how schools work.
We have the expertise to help simplify complex GDPR legislation, find workable solutions to these challenges, and protect your school from the rising cost of non-compliance.
Datasafe™ can support all staff in your school, from those managing tours and trips to those implementing new technologies. Now they have timely support on GDPR matters.
By incorporating The Ark Academy™ into DataProtect™, you now get tailored training for all your staff ensuring they also follow best practice.
We will retain and process personal data you provide us in relation to the service that is relevant to you. After that initial contact, if you do not wish to be contacted again we will respect your wishes and delete your contact information from our database. For more information please see our privacy notice.
