We understand the pressure you're under to keep data safe and comply with GDPR

We act as the data protection officer for over 600 public sector clients. From local schools to national sports governing bodies, we can adapt our service to suit you. We also work with organisations that have their own data protection officer but need an extra line of support.

Guiding you through the world of data protection

Although we’ve left the EU, GDPR still applies to organisations in the UK. The regulations exist to make sure we all use information safely and responsibly.

Managing data can seem like a daunting task, but we have a team of qualified staff on hand to help. We work with over 600 schools and academies and are experts in managing information risks in the education sector.

Our focus isn’t just on schools. We also act as the DPO for several local authorities, council-owned companies and national sports governing bodies. If you work within the public sector we’re here to support you.

Do you need a DPO?

Data protection legislation might appear complicated but the main laws to consider are:


  • Data Protection Act 2018
  • UK General Data Protection Regulation (GDPR)
  • Freedom of Information Act 2000
  • Environmental Information Regulations 2004


GDPR requires that all public authorities, including schools, appoint a DPO. They can be based in-house, shared with others or bought in as a service. Your DPO must act independently and with objectivity and is there to:


  • Inform and advise on data protection requirements
  • Support you to monitor internal compliance
  • Assist you with Data Protection Impact Assessments (DPIAs)
  • Demonstrate accountability
  • Act as a single point of contact with the Information Commissioner’s Office (ICO)

Case study

Supporting schools with data protection during Covid-19

Our data protection officer team had to adapt the service quickly during Covid-19. Rapid response was essential and the team worked flexibly to support schools during lockdown.

Read this case study

Our services

We offer a range of packages that can be tailored to your needs. With all our services, help is always on hand to discuss your data protection queries.

If you already have an in-house DPO but would like some extra support, our advisory service is ideal.

DPO+ (3 year contract)

With our three year package, you receive a bespoke approach to data protection. Over the course of your contract, we work with you to develop personalised action plans and priorities.

This improves your overall compliance, allowing you to demonstrate to stakeholders the strength of your assurance frameworks. Our three-year contract includes:

  • Access to Veritau’s client portal including standard templates
  • Unlimited, expert advice via our helpline
  • Specialist e-learning, and two free places on our workshops
  • Bespoke annual compliance audits
  • Annual onsite visits and regular Skype calls
  • Full annual compliance review and bespoke action plan
  • Information security incident and data breach support
  • Correspondence and liaison with the ICO
  • Support with DPIAs and other data protection documentation

DPO (1 year contract)

  • Access to Veritau’s client portal including standard templates
  • Unlimited, expert advice via our helpline
  • Specialist e-learning, and two free places on our workshops
  • Annual visit (onsite or via Skype)
  • Full compliance review and action plan
  • Information security incident and data breach support
  • Correspondence and liaison with the ICO
  • Support with DPIAs and other data protection documentation

Advisory service for those with existing DPOs

Do you have an in-house DPO but need a little extra support? Perhaps there’s a specific issue you’d like to discuss, or you’re looking for some additional training.

This service is designed with multi-academy trusts in mind, although we work with any public sector organisation. Our DPO advisory contract provides reassurance that support will be there when you need it. You’ll receive:

  • Unlimited advice through our helpdesk
  • Regular newsletters
  • Access to training events and workshops
  • Alerts on key changes in legislation and best practice

E-learning bundle for schools

Providing data protection training for your staff is really important. It’s something the ICO places great emphasis on, especially when everyone in your organisation deals with data daily.

Veritau’s e-learning package ensures that you can provide quality training for all your staff. Once purchased, you’ll be able to access the courses for two years. Modules include:

  • Information security
  • Data protection for schools: introduction to data protection
  • Information rights
  • Records management
  • Senior information risk owner, information asset owner and specific point of contact
  • Educational records requests and subject access requests

Courses all include interactive elements and are suitable for everyone in your organisation.

20+ years of experience

We have a large team of data protection experts who are all professionally qualified or currently training. They specialise in working with schools and other education bodies, local authorities, and the wider public sector.

At Veritau we provide a variety of assurance services, including internal audit, counter fraud, risk management and information governance. As our client, you have access to wide-ranging expertise and sector-specific knowledge.

Andy Nutting - Information Governance Manager

Andy Nutting

Information Governance Manager

Andy has over 25 years’ experience working in information governance within local government. He specialises in the development and implementation of bespoke information strategy, policy and processes. Andy has a professional interest in making information open and transparent, and enhancing ethical considerations around data.

Helen Swan - Assistant Director – Information Governance

Helen Swan

Assistant Director – Information Governance

Helen is a professionally qualified information governance practitioner with experience in delivering services across the public sector. She oversees Veritau’s schools, councils and access teams, focusing on business development and client relationship management.

Robert Beane - Senior Information Governance Officer

Robert Beane

Senior Information Governance Officer

Robert brings his wealth of experience in local government management to the delivery of information governance. He supports our schools and corporate clients with the development of assurance frameworks to embed good information governance practice throughout their business. Robert is also Veritau’s own Data Protection Officer.

Rosie Kelly - Information Governance Manager

Rosie Kelly

Information Governance Manager

Rosie is an experienced DPO with a background in the legal sector, who holds the CIPP/E certification from the IAPP. She specialises in UK GDPR compliance in the education sector, including expertise in Edtech and data protection governance in Multi-Academy Trusts. Rosie leads on training and resources, contract assurances, international data transfers and promoting awareness of regulatory changes.

What our clients say

“The security of an expert on the end of the phone to help you through concerns with a common sense approach has been invaluable to our school.”

– Levens CE Primary, Cumbria

“Veritau are always helpful when we have questions regarding GDPR and are very responsive. The online training modules and templates have been very helpful and informative for staff as has the regular newsletters we receive. We would highly recommend Veritau for any of your GDPR requirements and support.”

– Kingsley Primary School, Hartlepool

“I find Veritau’s services extremely valuable. Model policies and documents are easy to adapt keeping us up to date and also website compliant. The visits I have had from the team have been very professional at the same time as being human and friendly.”

– Hunmanby Primary School, Filey

Find out more about the role of a DPO

Offsite resource

ICO's guide to data protection officers

The ICO is an excellent resource if you’re unsure about whether you need data protection support and has information on where to start.

Website: org.uk

View this resource
Get in touch

Do you need a DPO or want to discuss how we can support you? We work with our partners at North Yorkshire Education Services for specialist schools services. To discuss data protection requirements for other public bodies, please get in touch with us.