Data protection for schools

Flexible DPO service at cost-effective rates

Get a quote

The benefits of outsourcing your Data Protection Officer (DPO) duties to Bulletproof

Lower Costs

Specialist compliance management for your school through cost-effective packages with a tailored approach.

Qualified Consultants

Our team is made up of certified DPOs and GDPR practitioners experienced in working with educational settings.

Data Knowledge

Expert advice on the use of child data and parental consents for peace of mind internally and for the parents of pupils.

Staff Training

Our DPO service includes GDPR awareness training for all staff members via our training portal.

Here’s what our customers say about us


Data Protection Experts at Bulletproof Data Protection Experts at Bulletproof

Data Protection Experts for your School

Public authority schools, colleges, universities, and childcare provisions are legally required to appoint a Data Protection Officer (DPO). To manage GDPR compliance successfully, it is important to select a DPO option that is suited to the individual requirements and budget of your organisation, whilst also adhering to the regulation requirements.

Our DPOs are certified GDPR practitioners and data privacy experts. With experience working alongside educational institutions for their data protection and cyber security requirements, we are well versed at guiding schools through their compliance journey.


Legal and technical experts at Bulletproof Legal and technical experts at Bulletproof

Legal and technical expertise

We are uniquely positioned to deliver a comprehensive dpo as a service through extensive technical and legal experience. Our DPOs operate within a wider cyber security team for a robust understanding of information security. We are also partnered with leading London law firm, Edwin Coe LLP, for support regarding GDPR law and practices.

View Our Packages

Why choose our DPO for schools service?

Each of our tailored DPO packages includes additional features as standard, including a dedicated compliance portal for documentation management. Our DPO team will also provide:

  • GDPR awareness training for all staff members via our training portal
  • Liaison with the supervisory authorities and data subjects on your behalf
  • Advice on the use of children’s personal data and parental consents
  • Full data breach support for correct and swift remediation
  • Support with third-party suppliers’ contracts to cover data protection
  • Advice on the use of pupil photography and permissions
  • Documentation advice and review for your policies and procedures
  • Support with Data Protection Impact Assessments (DPIAs)
  • Risk assessment guidance
  • Advice on data flow mapping activities
  • Guidance on implementing a compliance culture
  • Dedicated compliance portal for documentation storage

Find the DPO package that best suits your educational setting

Our virtual DPO for schools packages are tailored to the setting size based on pupil numbers. We understand each establishment has its own requirements so we’re happy to tailor a solution to best serves your needs.

Contact us today to discuss your data protection requirements.

Cyber Essentials
Small School Medium School Large School
Number of pupils Up to 100 pupils 101 – 300 pupils Over 301 pupils
Number of sites One One One or multiple
Gap Analysis required? Crossed circle icon Checked circle icon Checked circle icon
DPO time Up to 4 hours per month Up to one day per month Customised to suit your requirement
Kick-off call Checked circle icon Checked circle icon Checked circle icon
Monthly progress call Checked circle icon Checked circle icon Checked circle icon
GDPR training call Checked circle icon Checked circle icon Checked circle icon
Compliance portal access Checked circle icon Checked circle icon Checked circle icon
Notifications service* Checked circle icon Checked circle icon Checked circle icon
Annual audit Crossed circle icon Crossed circle icon Checked circle icon
Price £535 pcm (ex VAT) £895 pcm (ex VAT) £POA

Note: A GDPR Gap analysis is required for medium and large schools before the DPO service can commence. This is offered at a discounted rate for educational establishments.

*Notification service coming soon. Please speak to your Bulletproof account manager for more information.

Get a quote

Additional support at Bulletproof Additional support at Bulletproof

Additional support for your DPO

Our data privacy advisor package is ideally suited for those with an internally appointed DPO but need a little extra support and guidance. Our certified GDPR practitioners can assist with advice on data breaches, data subject access requests and any other aspect of the Regulation.

Providing up to two-hours of remote support each month, this package gives you the reassurance of expert advice when you need it most. Get started from £295 per month. Get in touch via the contact form below.


Get a quote today

Let our team of qualified, experienced DPOs manage your data protection obligations

(1,500 characters limit)

For more information about how we collect, process and retain your personal data, please see our privacy policy.


Frequently asked questions

Is my school legally required to have a DPO?

The GDPR dictates that you must appoint a DPO if you are a public authority or body, or if you carry out certain types of processing activities such as regular and systematic monitoring of individuals, or large-scale processing of sensitive data. For most schools, this will mean a named DPO registered with the ICO is a legal requirement.

How does the ICO audit schools?

The Information Commissioner’s Office (ICO) conducted audits of GDPR compliance on almost 380 schools during 2019. They also issued penalty fines of up to £400 to many more for failure to pay their data protection fee, a basic requirement of compliance. All public authorities, schools and trusts are required to register the name of the DPO and pay their annual registration fee.

Who can be a school’s DPO?

The GDPR states that your chosen DPO must be independent and have no conflicts of interest. This makes it difficult for any member of the senior management or admin team to take on the role of a DPO as there will likely be a conflict of interest with their other duties.

You also need to ensure your DPO has enough clout within the school to influence senior management and the wider team.

Why should I outsource my DPO?

Outsourcing a Data Protection Officer is more cost-effective than an internal hire, particularly as you only pay for the time you require, (save on overheads, holiday cover etc). You will satisfy the requirements of Article 38 that state your selected DPO must be independent and suffer no conflicts of interest with the school’s operations.

You also benefit from access to a wide team of certified GDPR practitioners, data protection professionals and technical experts rather than limiting your organisation to the experience of one individual.

What skills does a DPO need?

Your DPO must have extensive knowledge and understanding of the GDPR and UK Data Protection Act 2018. They must also have an understanding of information technologies and data security. This is important as your DPO needs to advise on how to handle a data breach if it occurs and recommend processes for preventing them.


Trusted cyber security & compliance services from a certified provider