A DPO for schools, SME’s and Charities

Most schools are too busy to give data protection their full attention. We have specialist data protection officers that are here to help!

We also noticed that small businesses and charities do not have specialist data protection officers.

We realise that the issue of compliance with data protection legislation can be daunting, and detract from your school, business or your charity’s everyday operations.  That is why we have created Data Protection Officer as a Service (DPOaaS), to simplify what you need to do.1

DPOaaS been designed and created to help businesses, schools and charities comply with GDPR (EU General Data Protection Regulation) and existing data protection laws (UK Data Protection Act 2018). ALC realise that the issue of compliance with data protection legislation can be daunting, and detract from your business, schools or your charity’s everyday operations

“Does your organisation process personal data?” “Is your organisation the data controller or processor?”.

Ultimately, your organisation is responsible for the personal data it collects!  If you pass the data you have collected to a third party for processing, you must ensure that the processor treats the data in exactly the same way you would.

If your organisation keeps or processes any information about living people, you are a data controller. If you process personal data but do not have responsibility for that personal data, then you are simply a data processor.

People ask us a lot about “the cloud”, “but what is the cloud?”.  You probably don’t realise that you’re using it already; do you use Microsoft 365 or Google apps? “Yes!” then you are using a cloud-based service already. Most small to medium-sized businesses or Charities use cloud-based technology to save money.  Are your backup services performed by a third party and stored in the cloud? Are you aware that under the GDPR2, these data processors, must treat your organisations’ data with the same levels of privacy and they will be just as liable!  How do you achieve this? What do you need to know? 


With Privacy and Data Protection being front of mind for today’s business owners and schools, the regulatory oversight and increasing exposure to fines have made data a prominent operational risk. 


Despite the prominence of these risks at Board-level, ALC believes the way many organisations manage data or try to build investment cases (outside of cybersecurity) is fundamentally broken. 


At ALC, information is at the heart of our experience across; SME’s, the Education and Not-For-Profit sectors, with over 20 years’ experience in the data protection field.

We provide a fully outsourced service! Contact us to find out more.



1 It is advisable to appoint somebody to hold responsibility for your data compliance.

2 General Data Protection Regulation  Coming 25th May 2018.