Data Protection Officer

The Trust requires a DPO (Data Protection Officer).  NB the Trust is the data controller. 

The Trust is designated as a public authority or body for the purposes of Data Protection.  This means that the Trust must have a Data Protection Officer (DPO). 

Data Protection Officer email contact: 

Please note that the Trust has a Data Protection Officer contact email.  This ensures queries or requests go directly to the Data Protection Officer and the team that has responsibilities under the Data Protection Act.  The email is: DPO@cheam.sutton.sch.uk  Alternatively, you may write to the Data Protection Officer c/o Cheam High School.

The DPO’s overall responsibilities include::

  • to inform and advise the Academy Trust and its employees of their obligations under the GDPR and other data protection related legislation.
  • To monitor compliance with the GDPR and other data protection legislation.                  
  • To monitor compliance with the Trust’s own data protection related policies, including how the Trust assigns responsibilities, raise awareness and trains staff and the related audits.                            
  • To provide advice in relation to Data Protection Impact Assessments and to check compliance with the article of the GDPR that deals with those (article 35).                              
  • To cooperate with the ICO.                                                                                                      
  • To act as a contact point for the ICO. Prior consultation with the ICO is required whenever a data protection impact assessment indicates that processing would result in high risk in the absence of any mitigating measures which the Trust can take.

 

DPOs are not personally responsible in a case of non-compliance with Data Protection; that remains the responsibility of the Trust. 

Work carried out by the DPO would include:

  • carrying out audits of our systems, policies and procedures and flag up any areas that require further consideration, reporting these to the Trust Board
  • being able to advise on non-routine requests
  • supporting the Trust in the instances of any significant breach of procedures, reporting to the Trust Board
  • being a point of contact for the Information Commissioner’s Office (ICO) as required by the Trust
  • advising on any Data Protection Impact Assessment and the implications for the Trust
  • being a source of expertise and advice as needed; this may include training for Trust staff