9.0 GDPR services from Veritau

Training Opportunities for Schools on the General Data Protection Regulation

Dear school representative

As you will be aware the provisions of the General Data Protection Regulation are replacing the current Data Protection Act on 25 May 2018. This will affect all organisations, including schools, and there are several actions which must be taken to achieve GDPR compliance.

The media are highlighting the challenges that GDPR poses and the significant fines which may be levied for breaches however if you have robust data protection processes in place already many of the provisions of the GDPR will only require minor changes to your existing processes. There is no need to panic but you must be starting to get your house in order now.

You will probably already be aware of the services Veritau is offering to help you on your journey to GDPR compliance – a detailed description of these services can be found below. All of these services are available to book through NYES and if you have any queries please don’t hesitate to contact information.governance@veritau.co.uk

 

90 minute - training session £350

a) What does it cover?

This is a high level training session which introduces the key requirements of the GDPR and signposts you on where to go to for further advice.

There is a maximum 20 delegates per course

b) Who is it intended for?

Headteachers, senior leadership teams, business managers and IT managers

If you can share the cost by inviting along delegates from other schools please do so. Otherwise you may wish instead to purchase the 1 day training and workshop.

Alternatively we have some open sessions arranged where anyone is welcome (£30 per delegate).

If you would be willing to act as a host for an open session (and receive two free places for your staff) please don’t hesitate to contact us.

 

 

1 day workshop £350

a) What does it cover?

Before the workshop we will provide you with a template information asset register and questionnaire for you to complete and return to us

On the day we will deliver the above training in the morning. The afternoon will be a workshop session which will include discussing the documents you have prepared, providing practical advice, highlighting any areas which require further action and answering your questions. We will leave you with a template action plan.

b) Who is it intended for?

Headteachers, senior leadership teams, business managers and IT managers

 

3 day full General Data Protection audit £750

a) What does it cover?

Before the workshop we will provide you with a template information asset register and questionnaire for you to complete and return to us

We will spend some time reviewing the documentation in detail before visiting your school. The audit visit will involve at least one day on site and we will talk to relevant members of staff to better understand the school’s information processes and answer any questions you may have.

We will then provide you with a detailed report on areas where action is required to achieve compliance. We will also provide you with a template action plan. You will have the opportunity to discuss the actions and we will provide practical advice on the next steps.

b) Who is it intended for?

All schools although it will suit larger schools. If you are intending to sign up for the data protection officer support contract outlined below, we would recommend delaying the audit until you have implemented the template documents and guidance included as part of the support contract.

 

Data protection officer annual support contract

a) What does it cover?

This is a high level assurance and advisory service to schools designed to help you comply with GDPR. Importantly it also satisfies the requirement for each school to designate a data protection officer.

We will provide a series of template documents to help schools become GDPR complaint. This will include templates of key documents such as information policies, GDPR asset register, privacy notice etc. We anticipate these templates and guidance will help schools undertake the necessary work to be GDPR compliant by 25 May 2018 (or be well on their way to achieving compliance). We will issue regular newsletters and keep you updated of any changes in the legislation.

The contract comes into effect on 1 April 2018 and we will provide the template documents as of this date, at the latest

In terms of how the service will be delivered we anticipate being able to provide the majority of the support via email and on the telephone. We will visit your school to undertake a compliance audit at least once a year. We will also report back to your leadership team and / or governors’ meeting. In the event that you suffer a data breach we will be there to help mitigate the impact and liaise with the Information Commissioner’s Office.

Note: At the outset of the contract, we expect each school to have achieved an acceptable level of GDPR compliance, or be working towards it, and be able to demonstrate this on request. However we will not conduct an audit of your information governance arrangement at this time. Our assessment of your compliance will be an ongoing process over the duration of the contract.

Below is a list of services which are included as part of the support contract:

  • Advice (unlimited telephone advice on data protection / information governance matters)
  • Regular newsletters and access to a dedicated website for guidance and information
  • Provision of standard templates (policies, privacy notices, information asset registers etc)
  • Data Protection Officer (including all mandatory duties plus annual report to governors)
  • Correspondence and liaison with the ICO
  • Training (two free places on training courses each year)
  • Subject access and Freedom of Information Act requests (up to 10 hours of support each year to respond to requests)
  • Information Asset Register maintenance / records management (up to 10 hours of support each year to help maintain registers)

b) Who is it intended for?

All schools

c) The annual cost for a single school is based on pupil numbers as follows:

 

< 50 pupils - £400

50 – 99 pupils - £600

100 – 499 pupils - £900

500 – 1,000 pupils - £1,200

>1,000 pupils - £1,800

 

The charge for a hard federation with a single leadership team / governing body will be calculated on the basis of the total number of pupils within the federation schools. For example, a 4 school federation with 1,200 pupils in total will be charged £1,800. An informal collaboration or loose federation of schools will be charged on an individual school basis (as above) although a discount of 10% will be given if the majority of the member schools receive the service.