The Challenge
As Co‑op Academies Trust continued to expand, so did the complexity of managing data protection across a diverse family of schools. With more academies joining the Trust and risk becoming harder to track locally, their Data Protection Officer, Tammy Pyszky, knew they needed a smarter, more unified way to maintain oversight.
Growth brought new strengths - but also new operational pressures.
Tammy found that, despite strong processes, the tools at hand simply weren’t built for the scale and distributed nature of a MAT.
“With growth, I was struggling to maintain oversight with what was happening at a local level in terms of operational risk.”
This created several challenges that many DPOs will recognise:
- Time wasted on manual processes
- Inconsistent practice from school to school
- Confidence gaps among staff
- Ongoing concerns about risk and compliance
- The constant worry of something slipping through the cracks
For a Trust with such a clear strategic vision, grounded in community, accountability and continuous improvement, this lack of visibility simply wasn’t sustainable.
The Solution
When exploring solutions, Tammy found that many platforms claimed to support MATs but few actually did.
“GDPRiS stood out immediately. Most platforms had been set up for one school. Although they were being advertised for MATs, they hadn't evolved enough to cater for having central oversight.”
GDPRiS has been built with multi‑academy structure in mind, allowing the Trust to see everything that matters in one place. And, importantly, it came recommended by another DPO already using it successfully.
Co‑op Academies Trust adopted GDPRiS, focusing on features that supported scalable oversight, including:
- Central oversight across all schools
- Data Maps & DPIA tool
- Templates and guided workflows for incidents, information requests, and complaints
- Internal auditing and compliance monitoring
- Staff training and compliance tracking
- Expert advice from the GDPRiS support team
What made the biggest difference was the ability to collaborate in-platform, not just track what schools were doing, but actively work with them and support them.
“The platform allows me to work collaboratively to investigate data breaches with each of our schools. I can talk to them through the platform and vice versa. All dialogue is neatly recorded to help us comply with the accountability principle.”
The impact
Since adopting GDPRiS, the Trust has seen clear improvements across several areas:
- Improved consistency across all schools
- Easier audits and simplified evidence gathering
- Stronger governance reporting for senior leaders and the Board
Perhaps, most importantly, the Trust now has the confidence that all activity is visible, traceable, and well‑supported.
A step change in daily practice
What once relied on spreadsheets, manual tracking, and email chains is now handled fluidly and securely in one system. Preparing reports for the CEO or Trust Board now takes minutes, not hours.
“I don’t think I could do my job without it now. The platform has replaced the need for lots of spreadsheets and workflows and keeps everything neatly in one place.”
Tammy describes GDPRiS as "simple, secure, and built for the realities of MAT life, not just a re-skinned school system".
Advice to other Trusts
For MATs facing similar issues around scale, governance, and consistency, the message from Tammy is clear:
“GDPRiS is safe, secure and very easy to use. I can produce reports for our CEO and Trust Board with minimal effort. The platform didn’t just streamline processes, it strengthened accountability and empowered our Trust to manage data protection confidently as we continue to grow.”
