A data protection officer must become an expert in GDPR law and practice. Unfortunately, schools don’t operate like the businesses described in generic GDPR training.
The DPO must understand the contents of the GDPR, the new Data Protection Act and the Freedom of Information Act. They must also consider the many other pieces of legislation and regulation which govern the use of information in schools.
In addition, the DPO must be able to make the decisions about risk that are required in breach reporting and the choices about the redaction and release of information in SARs. The DPO must provide support for residual risk evaluation in data protection impact assessments and offer general advice to staff, data subjects and other stakeholders.
This programme mixes training days and directed study. A person following the course will gain the knowledge and tools, so they can confidently take up their role as a DPO. We recommend that two people go through the programme. This gives you cover for holidays and sickness and additionally provides your designated DPO with someone to discuss decisions with.