The General Data Protection Regulation (GDPR), and the Data Protection Act 2018 came into force in May 2018. These require any organisation that handles personal data, including schools and academies, to be more accountable for the way they hold and manage that data. In order to maintain ongoing compliance, all schools and academies must have a data protection officer (DPO) in place to ensure that the correct processes and procedures are in place.

    Herts for Learning’s GDPR services have been developed to support leaders and practitioners in educational settings with ensuring GDPR compliance across their setting.

    1) GDPR Toolkit subscription service

    • a full set of resources to enable an educational setting to become GDPR compliant, including templates for policies, privacy notices plus guidance and advice

    • updated in line with requests from users or changes to the regulations or the guidance provided by the Information Commissioner’s Office (ICO)

    • regular GDPR newsletters to inform DPOs about news, provide useful hints and tips, and answer frequently asked questions

    • *NEW* email and telephone support service for DPOs/Data Protection lead

    Cost: £295 p.a. for single sites, £150 p.a. for additional sites*

    Purchase the GDPR toolkit through a one off payment online purchased through a credit card, or if you have Direct Debit agreements with Herts for Learning, you can download the order form below and pay in monthly instalments.


    2) Enhanced Data Protection Officer (DPO) Service

    A full service to monitor all aspects of GDPR implementation and compliance, including specific guidance and advice for handling breaches and responding to information requests.

    In addition to the GDPR toolkit and email and telephone support, settings receive:

    • Herts for Learning Ltd as the official DPO for their setting
    • onsite visits to discuss policies and procedures
    • creation of an action plan for ensuring ongoing compliance
    • crisis leadership and coordination, communication with the ICO and stakeholders where required

    Cost: £1250 p.a. for single sites.  Please contact us for more details on subscribing for multiple sites.

    To subscribe to the Enhanced DPO Service, please email gdpr@hertsforlearning.co.uk with your details, and we will contact you to discuss your needs further.


    * MATs and Early Years settings pay the full cost for the initial subscription, but receive a discount per additional site. If you wish to order for a toolkit for multiple sites, please complete the order form below with details of additional sites to be given access

    Email your completed form to: resources@hertsforlearning.co.uk.


    GDPR health check

    The Herts for Learning remote GDPR health check has been designed to help educational settings ensure policies and processes for data management, including collecting and handling data, reflect best practice and demonstrate compliance.

    What does the health check consist of?

    A remote session to support and provide guidance to ensure ongoing compliance with:

    • compiling a data audit
    • checking privacy notices, policies and procedures
    • data security
    • data breaches
    • subject access requests

    A summary action plan with key recommendations will be provided to help identify and set future priorities.

    To book a remote health check, at a cost of £95, or for more information, please email gdpr@sd.hertsforlearning.co.uk or call our Service Desk on 01438 844777 (option 1, option 1). 

    Contact details

    GDPR toolkit - access for subscribers