How PRIVACY HELPER Supports Schools and Multi Academy Trusts

PRIVACY HELPER’s mission is to help businesses by providing expert privacy guidance and aid with data protection compliance with zero-fuss, giving you the power and resources to do more. We aim to seamlessly integrate with your organisation and give you compliance solutions, enabling you to safeguard your personal data, meaning your customers and suppliers can trust you.

One of our core areas of expertise is understanding how data protection regulation and practices interact with the education sector. We are experts in data protection and have a team specialising in education, supporting Schools and Multi-Academy Trusts across the UK.

We’re able to aid these organisations in many ways, including some of the most popular services frequently requested by schools and multi academy trusts. These include:

Support with data subject rights requests, most commonly DSARs
Outsourced DPO services
Privacy Support Manager services
Staff training programs
Gap Analysis services
Data Breach support

Keep reading to learn in more detail about these services.

Support with data subject rights requests

Under UK GDPR, data subjects have a series of rights that as an organisation, you must be able to respond to effectively when required. These are:

The right to be informed: Individuals have the right to be informed about the collection, processing and storage of their personal data. You must be prepared to explain what data is collected, why it’s collected, who it may be shared with and how long it’ll be kept for. When these requests come through, PRIVACY HELPER can help you prepare the appropriate response, which will help demonstrate a commitment to keeping their data safe and secure.

The right of access: Individuals (and parents on behalf of their children) have the right to obtain confirmation that their personal data is being stored and processed, and have access to that data. These most often come in the form of Data Subject Access Requests (DSARs), and can be very time consuming, especially when you have to deal with the large amounts of data that a school will often have on a student. In a school specifically, this data can come in many forms, such as emails, behaviour reports, forms, photos or videos and preparing all of this correctly can be very difficult, especially within the necessary time frame. Thankfully, PRIVACY HELPER are experts at complying with requests of this nature, and can complete these for you, leaving you free to work on day-to-day operations

The right to rectification: Individuals have the right to have inaccurate personal data corrected without undue delay. This typically relates to address or contact detail changes. Though usually a simple process, PRIVACY HELPER can ensure that this process is smooth and all requests are quickly complied with.

The right to erasure: Individuals have the right to request that the data you hold on them is deleted in cases where there is no compelling reason for its continued processing. This right is not absolute though, and doesn’t apply in all circumstances. For example, there is a statutory retention on student leaver records, meaning in some cases, a request isn’t able to be complied with. PRIVACY HELPER can help evaluate each instance on a case-by-case basis, so you can be confident that the correct action is taken.

The right to restrict processing: Individuals have the right to suppress the processing of their personal data in cases such as when the accuracy of data is being contested, or if data is no longer needed but required for legal claims. Just like with data erasure, PRIVACY HELPER can help evaluate each case, so the correct action is taken.

The right to data portability: This refers to the right to obtain and re-use data for their own purposes across different services. This is very uncommon in this environment, though you need to be prepared for the rare instance that it does come up.

The right to not be subject to automated decision making: Individuals have the right to not have decisions made about them solely be made by a machine with no human input. PRIVACY HELPER can review and scrutinize your systems and ensure that human oversight is involved for any critical decisions.

Outsourced DPO services

Both schools and academy trusts are considered as public authorities, meaning that it is required under UK GDPR that they appoint a Data Protection Officer (DPO).

The DPO plays an important role in helping the School or Multi Academy Trust ensure you comply with the GDPR – and having someone in that role that only has z basic understanding presents a huge risk. Outsourcing your Data Protection Officer needs to PRIVACY HELPER (even in a supporting role) enables your Multi-Academy Trust to benefit from expert, sector specific guidance without the expense of appointing someone full-time with the same level of expertise we can offer.

For more on how a PRIVACY HELPER outsourced DPO can help your business, take a look at our Outsourced DPO page.

Privacy Support Manager services

In most cases, you probably already have an appointed DPO and may just need support and guidance for them to carry out their responsibilities in the best way possible. We realise nobody is an expert at everything, and privacy is no different. Privacy experts are experts in their own fields, with there rarely being a significant cross-over. Our specialist team has been structured to offer our clients a complete privacy skillset, meaning we truly are a one-stop shop. For this reason, we are your ideal solution as a specialist training provision for your DPO.

You can rely on us to provide regular, scheduled training sessions so our in-house specialists keep your in-house specialists up to date with the latest developments in a fast-moving privacy environment.

Staff training programs

Over two thirds of all reported data breaches are believed to be caused by human error, with the main cause often being that staff often lack a full understanding of data protection principles and best practices. For this reason, frequent staff training is vital, with the ICO themselves acknowledging this.

PRIVACY HELPER offer bespoke face-to-face training for staff, run by our internal team, for yours. Our experts are well versed in a wide range of areas, meaning we can provide the best training courses for your business.

If bespoke training is not suitable, then the PRIVACY HELPER Training Platform offers video training courses your staff can watch, with built in progress tracking and reporting tools.

Our training platform has over 60 courses, each designed in a way to make the content as easy to follow as possible, with the content being designed to be easy to remember. These courses don’t just cover GDPR and data protection matters, but a whole range of topics, such as workplace health and safety, and identifying malware and viruses.

To learn more about the products we have on offer and the benefits, take a look at our GDPR Training page.

Gap Analysis services

A Gap Analysis is a process which aims to identify the differences (gaps) between your businesses’ data protection practices and what is required under data protection laws and regulations. The analysis takes into account areas such as processing activities, how you deal with data subject rights, the security measures you have for personal data and the training programs you have for staff.

During a Gap Analysis, PRIVACY HELPER will:

Conduct a detailed review of your existing data protection framework.
Compare the findings with the requirements of the GDPR and the expectations of the ICO.
Produce a comprehensive compliance and risk-based report that highlights areas of concern.
Agree an Action Plan, outlining the steps you can take to achieve Compliance and reduce Risk.

A PRIVACY HELPER Gap Analysis Report will show how your organisation complies (or should comply) with all elements of data protection ranging from the GDPR’s Principles to how individuals’ rights are supported to how staff are trained and how awareness of responsibilities is maintained.

If you engage with us for remediation or ongoing guidance, will devise a complete compliance plan with tasks and milestones for each project – this will be created in line with the required tasks and your budget.

Take a look at our Gap Analysis page to learn more about how this process is undertaken and the key benefits of having one completed by PRIVACY HELPER.

Data Breach support

Data breaches can come in many forms, but if one thing remains consistent between all businesses, it’s that at some point, one will happen. This could range from anything, whether it be something as simple as an email being sent to the wrong person, or something more severe, such as an unauthorised individual gaining access to your company systems.

GDPR requires you, by law, to investigate and act on a breach within 72 hours of it being discovered. This includes weekends and overnight. PRIVACY HELPER can assist with this process, including assessing if a breach is reportable to the ICO. We can also provide guidance on what remediation steps need to be taken to reduce the likelihood of a repeat incident.

In addition to this, under GDPR, your business is required to establish a process for handling data breaches, and if this hasn’t been done, it should be treated as a priority and is something our specialist consultants can provide guidance on and draft for you.

To learn more about what is considered a data breach, and how PRIVACY HELPER can assist with the investigation and reporting process, take a look at our Data Breach page.

Conclusion

Complying with data protection laws and regulations can be complex and time consuming, especially when your focus is on day-to-day operations. At PRIVACY HELPER, we remove the guesswork and reduce the burden by providing schools and multi academy trusts the tools and support to handle privacy matters with confidence.

Whether you need help responding to rights requests, navigating a data breach or training your staff, our education sector focused experts are prepared to help you every step of the way.

If you’re ready to strengthen your approach to data protection with zero-fuss, get in touch with us today.

Dan Brooks-Tonkin

Dan Brooks-Tonkin is a Data Protection and Information Governance Apprentice at PRIVACY HELPER. PRIVACY HELPER is a pioneering data protection consultancy aimed at assisting companies in navigating the complexities of compliance with the new data protection legislation. Click here to learn about how PRIVACY HELPER can aid your business in an ever changing data protection landscape.