Service Description
The General Data Protection Regulation (25th May 2018) requires that all Public Authorities shall appoint a Data Protection Officer.
Under Section 3 (1) (a) (i) Schedule 1 of the Freedom of Information Act, Maintained schools and further and higher education institutions are defined as Public Authorities[1].
“(Recital 97) Where the processing is carried out by a public authority, a person with expert knowledge of data protection law and practices should assist the controller or processor to monitor internal compliance with this Regulation. P18"
Article 37 (2) Allows a group of undertakings to appoint a single data protection officer provided that this person is easily accessible from each establishment.
This SLA gives schools the opportunity to fulfil their obligation to appoint a Data Protection Officer in a cost effective way by sharing a central resource: The Merton School's Data Protection Officer (DPO). It also includes membership of GDPRIS, a cloud based system that enables schools to record and monitor compliance with the GDPR.
Under the GDPR the school remains the Data Controller and compliance with Data Protection Legislation is ultimately the schools responsibility - the Data Protection Officer's role is to direct, advise and assist. Schools that require a substantive arrangement may wish to appoint their own Data Protection Officer.
SLA services offered
The Merton DPO will help schools to ensure
- they comply with all relevant privacy-related legislation
- staff are fully informed of their own responsibilities for acting within the law
- they inform parents, students and employees about the data they hold in line with the expectations of the GDPR
- they have proper risk-based systems of control over the personal data that they process
- they deal promptly and professionally with requests for information.
Specifically the DPO will support with policy development; assist with data flow mapping; provide advice about data sharing; provide support in the event of a data breach and with regard to subject access requests; provide advice and support with regard to data protection impact assessments. The DPO will also monitor the school's progress towards compliance with GDPR, and provide training for staff and governors. The DPO will also support schools with recording compliance in GDPRis.
SLA pricing
| Charge for 1 April 2019 to March 2020 | |
|---|---|
| Primary Schools | |
| 201 to 400 pupils | £833 |
| 401 to 500 pupils | £919 |
| Over 500 pupils | £1,005 |
| Secondary Schools | |
| 801 to 1200 students | £1,137 |
| Over 1201 students | £1,262 |
| Special Schools | £748 |
Contact
If you require additional information please contact:
Derek Crabtree
Schools ICT Support Manager
Tel: 020 8545 4891
Email: derek.crabtree@merton.gov.uk