DataProtect™ is an all in one Data Protection Service for Schools comprising of consultancy services, policy development, staff training and advice for your school – for one annual fixed cost.
Worried about the consequences of failing to comply with GDPR and the Data Protection Regulations?
DataProtect™ from Ark, is your fully managed privacy program for a single annual cost. No hidden costs, just outsource this body of work to Ark and let us deal with Data Breaches, Subject Access Requests, Policy Updates and Staff Training.
GDPR, for most schools, can seem complex and time-consuming, which is why we have developed an all in one Data Protection Protection Service for your school.
As a competency-based profession, we have the necessary qualifications, knowledge and experience to help you address your school’s GDPR obligations all year round.
A GDPR Review will be held annually with key stakeholders including Management, Administration and Postholders to understand how the school handles personal data. Through these workshops we’ll advise solutions for each department and agree an action plan for each group.
GDPR for most schools can seem complex and time-consuming, which is why we simplify the process through a pre-agreed action plan for the school. This will allow management to delegate actions in line with our recommendations, the school’s budget and competing priorities.
Article 30 of the GDPR requires controllers and processors to maintain a record of data processing activities (RoPAs). RoPAs include process activity information, such as the purpose of processing, legal basis, consent status, cross-border transfers, DPIA status and more. Data mapping helps schools comply with GDPR by collecting and maintaining a list of data processing activities. Ark will document which systems in the school contain personal data, the purpose of the data, the school’s legal basis for processing and what security measures are in place to protect that data. i.e. student exam results, staff records, board of management minutes, SEN Records, CCTV footage etc.
Article 35 of the GDPR requires schools to carry out data protection impact assessments (DPIAs) where processing is likely to result in a high risk to individuals. Such a DPIA must consider the nature, scope, context, and purposes of the processing under the GDPR. DPIAs are mandatory for any new high-risk processing projects, i.e. CCTV Use. The DPIA process will allow you to make informed decisions about the acceptability of data protection risks and help you communicate effectively with the individuals affected.
Article 5(1)(e) of the GDPR requires schools to define and implement a Records Retention Policy for data under your control. We’ll work with key staff to define a system that ensures that this can be managed efficiently in your school.
Ark will then prepare the policies of the school in managing the day to day processing of personal data including:
Article 28 of the GDPR prescribes the provisions which must be included in a Data Processing Contract between a Controller and a Processor. Ark will ensure that the necessary Data Processing Agreements are in place with key suppliers as per the requirements of GDPR i.e., IT Contractors, Hosting Providers, Payroll Software, other service providers etc.
Any processing of personal data should be lawful, fair, and transparent. It should be clear and transparent to individuals that personal data concerning them are collected, used, consulted or otherwise processed, and to what extent the personal data are, or will be, processed. The right to be informed, under Articles 13 and 14 GDPR, is a key part of any school’s obligations to be transparent. Ark will review, prepare and update Privacy Notices for the school website, enrolment forms, application forms, email signatures, CCTV Notices etc.
Training is an ongoing legal requirement for Boards of Management and school leaders. However, a lack of sector-specific training leads to lower course engagement. Affording staff the time and headspace to carry out this necessary training is often the most difficult challenge.
The Ark Academy™ is designed to engage and educate school staff on essential topics such as GDPR. Ark specifically designed these courses for school staff, both in terms of context and content.
We then maintain the GDPR Compliance Pack and the measures taken at the school to meet these obligations. This will include a collated set of documentation prepared specifically for the school demonstrating compliance with the GDPR.
We’re available to the school to answer questions, queries or concerns regarding GDPR. Had a Data Breach? Have a Subject Access Request? Dealing with Suppliers in the UK and worried about Brexit and GDPR Compliance? Knowing that we’re available to answer these queries provides peace of mind for school management teams.
We will retain and process personal data you provide us in relation to the service that is relevant to you. After that initial contact, if you do not wish to be contacted again we will respect your wishes and delete your contact information from our database. For more information please see our privacy notice.