It is a requirement for any public body to appoint a Data Protection Officer.
A Data Protection Officer (DPO) will ensure that you are compliant with Data Protection legislation, advise on your data protection obligations and assist with carrying out Data Protection Impact Assessments, Subject Access Requests, Freedom of Information Requests and data breaches.
Article 39 UK GDPR defines the tasks of the DPO.
In your school/MAT, you should expect your DPO to deal with the following tasks:
Your DPO must be independent and an expert in data protection law. It can be an internal employee or an externally appointed Data Protection specialist.
If you appoint an existing member of staff, you must ensure that they have the right level of expertise in data protection law and that their role does not cause a conflict of interest.
If the employee holds a role that involves determining the purpose and means for processing personal information, then they cannot act as the DPO.
The DPO must be able to advise and influence the Senior Leadership Team, Governors, Trustees and/or CEO and should be adequately resourced and supported to ensure that they can carry out their role.
Ensure that they are contacted as soon as possible when their advice or assistance is required.
Provide the resources and access they require to carry out their role effectively.
Provide appropriate access to the information required to carry out their role.
Ensure that your DPO reports to your most senior level of management.
If you would like to discuss our Data Protection Officer service please contact email@example.com.