Background
Red Balloon Educational Trust was founded in 1996 to provide tailored educational and well-being support to young people who are unable to attend mainstream schools. The Trust has helped over 2,500 pupils across the UK to overcome challenges related to bullying, mental health issues, trauma, or neurodivergence.
With limited capacity to implement a comprehensive data protection compliance framework, the charity contacted The DPO Centre for advice and support. Their main challenges were how to handle sensitive student data and how to improve their policies and procedures to ensure ongoing GDPR compliance.
Challenges
- Sensitive data handling
- Policies & procedures
- Staff training
Solution
A comprehensive review of Red Balloon’s existing data processing activities and compliance framework revealed gaps in data protection related policies and limited GDPR understanding among staff.
The designated DPO developed a suite of policies and procedures tailored to the charity, including a Data Protection Policy, various Privacy Notices, and a Retention Policy, allowing the organisation to have clear processes for sensitive data handling and data cleansing.
Working alongside Red Balloon representatives from each centre, the DPO compiled a mandatory Record of Processing Activity (RoPA) to document the data processes conducted throughout the organisation, identify and mitigate risks, and ensure operational resilience.
The DPO designed and delivered bespoke staff training, providing expert guidance to the Red Balloon team to cement company-wide awareness of GDPR compliance.
Outcome
Maddy Smart, MIS Manager at Red Balloon, said, ‘The best thing about working with The DPO Centre has been the tailored support. They dedicated time to understanding who we are, what we aim to achieve, and the importance of protecting the young people, their families, and our staff. The DPO Centre understood the unique challenges of data management within the charity and education sector and provided solutions to ensure our compliance. Their expertise has been invaluable in helping us understand the complexities of the GDPR so we can focus on our mission. We are truly grateful for the time and effort The DPO Centre put into this task in such a professional and diligent way. Thank you.’