The Challenge
When GDPR came into force in 2018, St Christopher’s CofE Multi‑Academy Trust found itself at the very beginning of its compliance journey. Jo Wilkey, the Trust’s Data Protection Officer, explained:
“When GDPR was approaching in 2018, we honestly didn’t know where to begin. We were starting our compliance journey from scratch, and as a Trust with multiple schools, we needed structure, clarity and support. Even though we have always had to comply with data protection regulation, we still felt overwhelmed by the scope of what UK GDPR and DPA 2018 would require of us.”
As a growing Trust with schools operating at different levels of readiness, Jo described an ongoing sense of uncertainty:
“The biggest issue was the constant worry around risk and compliance. With multiple schools working at different levels of readiness, it was hard to feel confident that we had full oversight or that we were meeting requirements consistently. That lack of visibility created unnecessary anxiety.”
What the Trust needed was clear guidance, a structured Trust‑wide approach, and a way to build confidence across all schools.
Why St Christopher's chose GDPRiS
After exploring a range of options, GDPRiS stood out as the most complete and education‑focused solution.
It brought everything they needed into one place - tools, workflows, templates, staff training, and leadership oversight - all designed specifically for school and MAT environments.
Jo told us:
“The package was simply more comprehensive than anything else we’d looked at. For a Trust just getting to grips with GDPR, that level of support was absolutely invaluable.”
The features they value most
Over time, several GDPRiS features have become essential to how the Trust manages data protection.
Jo highlighted their top five:
- Central oversight across all schools
Real-time visibility into compliance activity and risk levels across the Trust
- Data Maps and DPIA tools
Structured, guided processes that make complex tasks manageable and consistent
- Staff training and compliance tracking
Clear evidence of staff awareness, training completion, and policy acknowledgements
- The internal auditing and compliance monitor
A reliable way to benchmark readiness and highlight areas needing attention
- Templates and guided workflows
For incidents, information requests, complaints and more - reducing admin time and ensuring consistency
Jo added:
"The comprehensive training, structured RoPA records, and breach reporting tools have made ongoing compliance so much more manageable"
What's changed since adopting GDPRiS
Since implementing GDPRiS, the Trust has seen three major improvements:
-
A more consistent approach across all schools
No matter their size or starting point, every school now follows the same structured processes.
-
Faster, easier, and more efficient audits
Clear evidence, consolidated records, and guided actions have transformed audit readiness.
-
Stronger staff confidence and awareness
Staff now understand their responsibilities and feel supported in meeting them.
One example stood out to Jo:
“Building our RoPA is a great example. We started from nothing, and GDPRiS gave us a methodical, guided way to produce it. What could have felt daunting became manageable and structured, and we were able to get up to speed very quickly.”
Advice to other MATs
Jo’s recommendation to other Trusts is clear:
GDPRiS is a fantastic resource for monitoring compliance across a Trust. Everything is in one place, it gives you visibility across all your schools, and it really supports you in creating consistent, sustainable GDPR practice. For us, it’s become a central part of how we manage data protection.”
