Data Protection Officer (DPO) – a new role now required for all public bodies & schools under GDPR legislation.
As of the 25th of May 2018, your school, regardless of its status (state-run, academy or private), will be required to appoint a data protection officer (DPO). This role can be either an internal appointment or outsourced; however, the fundamentals are the same: this person must be “qualified” to complete the role.
The DPO role in schools is mandatory because GDPR states that all public bodies must appoint a DPO, as must anyone whose core business activities involve the “regular and systematic monitoring of data subjects of a large scale”, which is a core part of the education system.
A critical factor for appointing a DPO in any organisation, especially in schools, is that the individual must be free from any conflict of interest, must be able to carry out their duties as DPO without fear for their employment, and they must have a direct route of communication to both senior management and to school governors (should the need arise).
Any person who is appointed to the role of DPO must be able to carry out the following responsibilities:
• Educating all staff on important compliance requirements
• Training staff involved in any form of data processing
• Conducting audits to ensure compliance and to address potential issues proactively
• Serving as the point of contact between the school and GDPR Supervisory Authorities
• Maintaining comprehensive records of all data processing activities
• Delivering and maintaining the school's GDPR compliance project.
These are just some of the responsibilities of a DPO in schools; there are many more, and we can provide a full job description to support your school.
Alongside the long list of responsibilities is the requirement for the person to be trained and qualified to complete the role. There is no formal list of required qualifications but a good starting point would be the ED GDPR Foundation course. Your appointed DPO is expected to have “expert knowledge of data protection law and practices.”
With all this said, who is your school going to appoint as their DPO? Can they fulfil the required role? Do you need more guidance?
At Planet IT we are focused on supporting schools in their GDPR compliance projects. Contact one of our GDPR specialists today for more advice and to see how we can help you.