The new General Data Protection Regulations (GDPR) has a requirement for public authorities, including schools and academies, to have a Data Protection Officer (DPO). Some guidance on this has already been sent out but we have now had more time to consider a solution for schools and would like to suggest another potential option for meeting this requirement, in addition to those already suggested.