Managing Your School’s Data Protection

Data Protection Officer as a Service (DPOaaS) is a practical and cost-effective solution to manage data protection in schools, trusts and academies when staff don’t have the data protection expertise and knowledge to fulfil their Data Protection Officer (DPO) obligations under the General Data Protection Regulation (GDPR).

The icon that Cantium use to signify their DPO services

Do Schools Need a Data Protection Officer?

Every state funded school or Multi Academy Trust (MAT) as a public authority must pay the data protection registration fee and must appoint a DPO. The GDPR recognises the DPO as a key player in facilitating regulatory compliance, with their appointment mandatory for all public authorities.

Many schools, trusts and academies, particularly smaller ones, may find that the DPO responsibilities are a challenge to deliver, given the breadth of knowledge required on data processing and data security operations, and legal aspects of the GDPR.

The regulation allows organisations to outsource the DPO role to an external provider. With a shortage of individuals trained to handle DPO responsibilities, by outsourcing these tasks and duties you will get access to expert advice and guidance that can help your organisation to address the compliance demands of the GDPR while staying focused on your core business activities.

Did You Know?..

Your DPO cannot be someone who influences the day to day handling of school date i.e. School Business Manager or Finance Manager. This is to ensure the prevention of any conflicts of interest.

Benefits of an External DPO

  • Practical and cost-effective solution to achieve GDPR compliance
  • Access to independent DPO expertise not available internally
  • No conflict of interest between the DPO and other business activities
  • Application of best practice in achieving and maintaining compliance with the GDPR
  • Cost effective compared to an internal appointment
  • Access to GDPR training and compliance solutions
  • An external DPO is more likely to have a collaborative relationship with regulatory authorities
  • Adds an extra layer of accountability and support for your organisation

Outsourced DPO Support to Include

  • Advice and guidance on preparation of reports for board meetings as required
  • Provision of advice on request to support key decision making at board/trust board level
  • Advice and remote support with GDPR compliance
  • Advice and support with the production of a risk register
  • Production of Information Governance Development/Improvement Plan
  • Advice on requests (SAR, FOI, release of education records etc)
  • Unlimited advice and guidance on Issue/Breach Management
  • Reporting of issues to and liaison with ICO

Data Protection Policy for Schools

To meet the GDPR, which came into force in May 2018, all organisations handling personal data, including schools, need to have the right governance measures. A school Data protection policy is required to ensure that personal information is dealt with properly and securely and in accordance with the legislation. Cantium have created our DPO as a Service to assist the school, as the Data Controller, to meet its obligations under the GDPR and DPA.

As part of the annual subscription service, your organisation will be assigned a dedicated DPO officer who will serve as an independent data protection expert to your organisation as set out in the GDPR. The outsourced DPO performs the tasks described in the GDPR allowing you to reach the desired compliance level.


For an all-inclusive data protection service, our GDPRiS service is a cloud-based tool that ensures full GDPR compliance and offers complete GDPR management in schools.

Get in Touch

[contact-form-7 title=”Contact Form”]