West Suffolk College

West Suffolk College (WSC) is a General Further Education College with ambitious goals to become a leading provider of both vocational and academic education. Located in Bury St Edmunds, Suffolk, it is committed to delivering outstanding educational services, whilst supporting local business growth and the wider regional economy. 

To support its progress and manage decades’ worth of data across a large community of staff and students, WSC turned to The DPO Centre for specialist support with GDPR compliance and policy development. 

Key Challenges

  • Managing historic data 
  • Handling large volumes of data 
  • Updating policies and Privacy Notices 

 

Solutions

The DPO Centre worked closely with the college’s senior management team, first conducting a comprehensive data discovery exercise to effectively map historic data, then guiding strategic reviews to support the handling and organising of large volumes of data. Policy and privacy notices were updated, aligning with current regulations. 

The college now benefits from an outsourced Data Protection Officer who continues to support the development and implementation of a robust compliance framework. This includes regular staff training, breach management processes, ongoing impact assessments, and ensuring effective communication with the Information Commissioner’s Office (ICO) where required. 

Outcome

Jules Bridges, Clerk to the Corporation and College Secretary, said:

‘For us, this process has been an awakening.  Like Health and Safety regulations, GDPR is not there to stop us doing our job but to make sure that we use the information safely and responsibly. The biggest challenge for us is educating our staff and providing solutions that enable them to carry on doing the great things that they are, whilst better protecting the data they are responsible for. 

‘Ultimately, we feel ahead of the game and a leader in GDPR compared to our competitors in the sector.  We’ve taken on the mantra, ‘If in doubt, don’t give it out, give me a shout’, so that staff think twice about what they are being asked to share, who with, for what purpose, on what lawful basis, and when to contact me as the DPL (Data Protection Lead) for advice.  It’s a cultural change that will take time to embed, but already I’m seeing changes in attitudes towards safer and improved data security.’ 

Change your cookie consent