Specific Point of Contact (SPOC)

The SPOC is the designated person in school who handles data protection matters on a day-to-day basis. They take operational responsibility for data protection and act as a point of contact for staff and parents.  

The SPOC usually reports to the Senior Information Risk Owner (SIRO). The SPOC will need to work closely with the SIRO and carry out various tasks to ensure that data protection is fully embedded in the operations of the school.

In most schools, the SPOC will be the School Business Manager or a senior member of administrative staff.

For Multi-Academy Trusts (MATs) we recommend that you appoint a SPOC at Trust level in addition to the SPOC for each school within the MAT. The Trust SPOC will need to liaise with Veritau as Data Protection Officer (DPO) and each of the school SPOCs.

School level SPOCs are members of staff who will handle data protection matters at an operational level for their school. As above, this is usually the School Business Manager. School SPOCs should report to the Trust SPOC, liaise with Veritau about school-related queries and maintain contact with other school SPOCs across their MAT.