Efficient Records Management

As part of our DPO services, we offer GDPR compliance audits to help schools ensure that they are meeting their obligations to the ICO (Information Commissioner's Office) and to identify areas where improvements need to be made. This helps cover all processes a school uses in collecting and using personal data.

Due to the sensitivity of the data schools process daily we perform an information audit as part of the roadmap and will check in several times throughout the academic year to check in and perform an audit on any new processes introduced.

As part of the audit, we check the processes against the main principles of GDPR:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

These principles act as the foundation of our audits and ensure that the school is covering these as a minimum. Our compliance department adopts a risk-focused approach to the audit process, as part of the roadmap we perform an impact assessment on all necessary processes'. 

This is to look at how we can minimise the level of risk a school or trust faces and suggest suitable steps to make processes more secure. We perform follow ups, to ensure the school is satisfied with the next steps and see if any new processes are in place which require an assessment