DPO Service
Education-first DPO support, done properly
Not advice-only. We get involved, think it through, and help you land calm, defensible decisions — especially when SARs, safeguarding nuance, and third-party data make the “generic GDPR” answer fall apart.
Why choose us
Different by design
Approach
No isn’t our default setting.
We start with the thinking—law, guidance, context, and risk—then give you a clear position you can stand behind.
Delivery
We do the work, not just the opinion.
Advice alone doesn’t ship outcomes. We support delivery: decisions, documentation, and usable outputs.
Education-first
Built for schools and trusts.
Education is different—safeguarding realities, mixed systems, tight deadlines. Our service reflects that environment.
What's included
Clear scope, usable outputs
The aim is practical support you can use — not templates that sit in a folder.
- ✓Named DPO support (education-first)
- ✓Day-to-day advice with clear written decisions
- ✓SAR + FOI handling support (defensible approach)
- ✓Incident & breach support (containment → documentation)
- ✓Deployable policies (no blank-filling)
- ✓DPIA / ROPA support (as appropriate to tier)
- ✓ICO correspondence support (when needed)
Service coverage
What we cover
Data Breach Response
Calm, structured support for containment, assessment, reporting, and records.
ICO Liaison
We handle engagement with the ICO and keep your evidence trail clear if a complaint or incident escalates.
Subject Access Requests
End-to-end SAR handling—from acknowledgement to redaction—with decisions recorded and deadlines met.
ROPA
A maintained Record of Processing Activities that stays current and usable.
DPIA
Practical DPIAs with risk assessed, actions clear, and outputs ready for inspection.
Policy Management
Deployable, school-ready policies that stay consistent as your setting, systems, and guidance change.
FOI Advice
Clear guidance on exemptions, public interest tests, and defensible responses.
Training
Practical staff training—clear, relevant, and designed to improve day-to-day decisions.
Onboarding
A fast, structured start: understand your setting, prioritise gaps, and leave with a clear plan.
How we help
Calm under deadlines
When work is time-sensitive and emotionally charged, structure and defensible decisions matter.
Subject Access Requests
Scope → search → review & redact → output
FOI Requests
Validate → exemptions → response drafting
Incidents
Contain → assess → decide → document
Portal + TruCredits
Tooling and currency that support delivery
Portal keeps work structured and auditable. TruCredits are the currency used for high-effort one-off tasks.
Portal
- ✓Portal is included in Advisory + Comprehensive
- ✓Standalone Portal: you run it day-to-day (we support and oversee)
- ✓Comprehensive: we manage portal operations with you (we run it day-to-day)
TruCredits
- ✓Used for evidence processing, redaction, and policy packs
- ✓Complexity is confirmed up front before extra credits are applied
- ✓Purchased TruCredits roll over until used
FAQ
DPO Service questions
What's the difference between Advisory and Comprehensive?▾
Both include the Portal. In Advisory, you run it day-to-day (we support and oversee). In Comprehensive, we manage portal operations with you (we run it day-to-day).
Can I upgrade from Guidance to Advisory or Comprehensive?▾
Yes. You can upgrade at any time. Changes are pro-rated and we'll confirm the updated pricing and any onboarding adjustments at the point of change.
Is there a minimum term?▾
Plans are billed annually. A 3-year commitment option is available and is billed annually.
What is included in the DPO service?▾
A named, education-first DPO covering day-to-day advice, incident/breach support, SAR/FOI support, deployable policies, and defensible record keeping.
Are you advice-only, or do you get involved?▾
We get involved. We help you scope the work, make defensible decisions, and deliver outputs—policies, SAR/FOI support, and breach response.
Do you default to “no” on parent requests?▾
No. We start with the thinking—law, guidance, context, and risk—then give you a clear position you can stand behind.
Do you provide policies, or just templates?▾
We provide deployable, school-ready policies—no blank-filling.
Do you support SARs and FOI?▾
Yes. We support SAR and FOI handling, including defensible decision-making and clear record keeping.
Do I need the portal to use the DPO service?▾
No. The DPO service stands alone. Portal is included in Advisory and Comprehensive, and can also be purchased separately.
Is there a contract or minimum term?▾
Plans are annual. A 3-year commitment option is available and billed annually.
How quickly will you acknowledge a SAR?▾
We will acknowledge a Subject Access Request (SAR) within 72 hours (3 days).
How long do we have to provide the basic educational record for a SAR?▾
For the basic educational record (typically information held in your MIS), we work to a 15 calendar day timeline.
What do you mean by 'basic educational record'?▾
This usually means core pupil data held in the school’s MIS (for example: attainment, attendance, behaviour, and key pupil record information). Other sources (emails, file shares, safeguarding/behaviour platforms, and document libraries) may require additional handling and time.
Can a SAR be made verbally?▾
Yes. A SAR can be made verbally or in writing. It does not need to mention “SAR” or data protection law—what matters is that it is clear the person is asking for their personal data.
How long do we have to respond to an FOI request?▾
FOI requests normally have a 20 working day deadline. We will confirm the deadline and help you respond in a defensible way (including exemptions where applicable).
Is Portal included in DPO plans?▾
Yes. Portal is included in Advisory and Comprehensive.
Who runs the Portal day-to-day?▾
It depends on what you buy. Standalone Portal: you run it day-to-day (we support and oversee). Advisory: Portal is included and you run it day-to-day (we support and oversee). Comprehensive: Portal is included and we manage portal operations with you (we run it day-to-day).