DPO for Schools Education Sector Specialist
Specialist external Data Protection Officer services for primary schools, secondary schools, academies and multi-academy trusts. Over 80 schools supported. GDPR compliance monitoring, SAR and FOI handling, INSET day training, breach support, ICO liaison and annual governor reports.
Schools DPO Services
Everything your school needs for GDPR compliance.
DPO Appointment
Formal Article 37 appointment as your school's DPO. Published contact, ICO notification, independence and reporting to headteacher and governors as required.
School GDPR Audit
Comprehensive audit of your school's data protection practices — MIS security, data sharing agreements, privacy notices, consent, retention, website compliance and staff awareness.
SAR & FOI Handling
Full management of parental SARs, staff SARs and FOI requests. System searches across SIMS/Arbor/CPOMS, exemption assessment, redaction and timely response.
INSET Day Training
GDPR awareness for all school staff delivered on INSET days or twilight sessions. Pupil data handling, photography, social media, breach reporting and individual responsibilities.
Breach Response
Immediate support when breaches occur — misdirected emails, lost USB drives, MIS access issues, parental data disclosed incorrectly. Assessment, ICO notification and remediation.
DPIA for New Systems
Assessment and DPIA support when implementing new MIS, CCTV, biometrics, behaviour monitoring, cloud migration or data sharing with new external agencies.
Governor Reports
Annual compliance report to governors covering GDPR status, activities, incidents, training, risks and recommendations. Board-ready documentation demonstrating governance.
MAT-Wide Services
Single DPO across all trust schools. Consistent policies, centralised SAR handling, trust-wide training, board reporting and cross-school compliance coordination.
Risk Assessments for Your Sector
Every industry has different hazards. We tailor every assessment to your specific sector and operations.
Factories & Warehousing
Machinery, forklift, racking, noiseTransport & Logistics
Depot safety, loading bays, vehiclesConstruction
CDM, excavations, heights, demolitionSchools & Education
Classrooms, labs, playgrounds, tripsCare & Healthcare
Patient handling, clinical, infectionChemical
Process safety, COSHH, DSEARHospitality
Kitchens, fire, slips, public safetySMEs & Offices
DSE, fire, general workplaceCharities
Events, lone working, volunteersHow We Carry Out a Risk Assessment
Appointment
Formal DPO appointment for your school or MAT. ICO notification, published contact details and establishment of reporting arrangements with headteacher and governors.
GDPR Audit
Comprehensive audit of your school's current data protection position — systems, policies, practices, staff awareness and documentation.
Compliance Programme
Prioritised programme to address audit findings — privacy notices, data sharing agreements, retention schedules, consent mechanisms and procedures.
INSET Training
GDPR awareness training for all staff on an INSET day. Practical, school-specific content with real scenarios teachers and support staff will recognise.
Ongoing DPO Support
Year-round DPO function — SAR/FOI handling, DPIA advice, breach support, ICO liaison, legislative updates, policy reviews and annual governor report.
Schools DPO FAQ
Does my school legally need a DPO?
Yes. All maintained schools, academies, free schools and MATs are public authorities under UK GDPR and must appoint a DPO under Article 37. The DPO can be internal or external. RADCaT provides cost-effective external DPO services specifically for the education sector.
How much does a school DPO cost?
Annual retainer based on school size, phase and complexity. Typically a small fraction of what an internal DPO appointment would cost. MAT packages offer per-school rates that reduce with scale. All services included — no hourly extras.
Can one DPO cover a whole MAT?
Yes. A single DPO can serve all schools within a MAT, provided they are accessible to each school. RADCaT provides trust-wide DPO services with consistent standards, centralised processes and board-level reporting.
What about CPOMS and safeguarding data?
CPOMS contains some of the most sensitive data in any school. We ensure your CPOMS access controls, data sharing settings and retention practices are GDPR-compliant. We handle SARs involving CPOMS data with appropriate safeguarding exemptions applied.
Do you deliver INSET training?
Yes. We regularly deliver GDPR awareness training on INSET days — typically 1-1.5 hours covering practical data handling scenarios that teachers and support staff encounter daily. No supply cover needed.
How do you handle parental SARs?
Parental SARs require careful handling — balancing the parent's right of access with the child's privacy rights (particularly older pupils), safeguarding exemptions, third-party data and legal privilege. We manage the entire process professionally and within timescales.
What governor reporting do you provide?
A comprehensive annual compliance report covering GDPR status, DPO activities, audits conducted, SARs/FOIs handled, breaches (if any), training delivered, risks identified and recommendations for the year ahead. Board-ready documentation.
Need a School DPO?
Get in touch for a free discussion. We'll explain our service and provide a tailored quote for your school or MAT.