JEM Education Support Services Ltd



Is your business, Charity or school GDPR ready?

The new GDPR regulations became effective from 25 May 2018; before the regulations there was a code of practice in place called the Data Protection Directive (1995) and 6 of the current 8 requirements were expected as good practice.  Many organisations already had good practice in place to comply with the Data Protection Directive.  Following a number of serious breaches the new GDPR Regulations were rolled out as law rather than being regarded as good practice. 

The new GDPR regulations should be seen as a positive step, it is in all of our interests that our personal data is safe and treated securely and that we also have more rights in how our data is used. 

Our Director, Rona Metters has spent over 12 years working in the banking, finance and IT industries complying with the Data Protection Directive and undergoing annual training in the requirements. 

Our consultant Josh has undergone training through IT Governance and is a Certified EU General Data Protection Regulation Practitioner.


As a company we will offer you practical advice and solutions  to help your school undertake all the necessary administration to ensure compliance with the GDPR and help you appoint your DPO, whether that is from within school or an external provider.

Make sure that you are GDPR compliant and don't run the risk of a fine or becoming national news.


Have you appointed a Data Protection Officer (DPO)?

Are you aware that appointing your:

  • Head

  • DCPO

  • SBM

  • Network or MIS Manager


as your DPO could be considered as a conflict of interest with their existing role?

Do they have the time or capacity to undertake the additional responsibility of complying with the GDPR, more importantly do they have the necessary experience?  The Information Commissioners Office (ICO) state:

What professional qualities should the DPO have?


  • The GDPR says that you should appoint a DPO on the basis of their professional qualities, and in particular, experience and expert knowledge of data protection law.

  • It doesn’t specify the precise credentials they are expected to have, but it does say that this should be proportionate to the type of processing you carry out, taking into consideration the level of protection the personal data requires.

  • So, where the processing of personal data is particularly complex or risky, the knowledge and abilities of the DPO should be correspondingly advanced enough to provide effective oversight.

  • It would be an advantage for your DPO to also have a good knowledge of your industry or sector, as well as your data protection needs and processing activities.


Schools as part of their day to day activity process personal data and very often complex or risky data, therefore care should be taken when appointing your DPO.

Are you completely confused by what is expected of you?

JEM Education Support Services Ltd can help you!

We offer a bespoke service for your school, charity or business, to enable you to be GDPR ready and compliant. 

Following an initial consultation we will ascertain your current situation and make recommendations accordingly.


We can provide you with all the template documentation necessary and undertake the Information asset audit for you.

Once set up we are also on hand to answer any questions that you might have on an on going basis.

Our business ethos is to provide you with a personal service that fits your school, business or charity, we understand that you are unique and we will tailor our approach accordingly.  

Other services available

Responsible Officer

The role of the Responsible Officer is to conduct an independent, impartial, internal audit of your GDPR compliance.  We can arrange for our consultant to visit you and conduct an audit of your current arrangements and then report to you and/or your governing body so that you can be assured that you are compliant.  Contact us today to organise your Responsible Officer visit.

Staff Training


Ensure your staff are prepared for the expectations that the GDPR regulations put on each individual it is best practice and complies with the Information Commissioner's Office (ICO) recommendations that your staff are trained in these new regulations and remain up to date with the regulations.  Ensure your staff are trained appropriately and that this training is refreshed on an annual basis.  Put in place good practice by ensuring your staff are trained and contact us today to organise your Staff Training.  

Do your staff understand what GDPR is?  Take a look at this training video for staff, GDPR Awareness for School Staff

Check out this School GDPR Mind Map

Read Data Protection Officer Contractors - How to pick the right one and not get ripped off by the cowboys.

For further information contact us 

Covering Bedfordshire, Cambridgeshire, Essex, Hertfordshire, Lincolnshire, Northamptonshire, Suffolk and parts of Norfolk.