How much are you willing to spend on School Data Protection?

Data Protection is mandatory for every education provider, school, city and municipality. But the question that those providers and organizations are asking is: how much does mandatory data protection cost? 

Based on many years experience with School Data Protection Processes, and after thousands of Data Protection Impact Assessments (DPIA) unlocks the numbers for you and shows you where they come from.

The whole Data Protection Process costs approximately 70 000 euros plus 215 working days per year. This number is a raw estimate of how much it costs if handled without the right system and processes and without the help of legal consultants. Keep reading and see how much you could save in this process.

Time is money.

In Data Protection there are many topics that take up your resources, and especially take the time of the Data Protection Officer (DPO). 

The biggest and most time consuming task is managing Data Protection Impact Assessments, which can take approximately 800 hours –which means 106 working days. Additionally, other tasks, and managing the Data Protection Process in School, takes around 80 more working days from the Data Protection Officer. So in the end just managing the whole process and the mandatory DPIAs, can easily use 186 days of work.

But that is not all. It is good to be aware that the position of Data Protection Officer is often refilled once a year, and that of course means Onboarding. Onboarding and understanding the laws, the processes and the other tasks takes time, and to become productive in this position can take 30 days.

Money, money, money.

The key cost we have seen in Data Protection is external GDPR Advice Services. Understanding GDPR and data protection is a difficult task and legal advice is a necessary investment if the school does not have its own DPO who has  studied  the laws for many years – this kind of perfect match is rare and extremely hard to find.

Legal Advice and especially the service which specialises in the GDPR can cost a lot of money. Of course the amount of money depends on national prices and how many GDPR specialists are available but the estimate is around 12 000 euros per year.

There is also an even more expensive task in Data Protection, and it is the Extensive Data Protection Impact Assessment (DPIA). Extensive DPIA is necessary for applications where students are graded or profiled or where data processing is broader than usual : for example Google Workspace for Education, Microsoft 365 or Apple.

The Extensive DPIA costs roughly 20 000 euros per DPIA, and normally the school would have between two and four applications which need a closer look - and the amount that those can cost in total is 40 000 – 80 000 euros.

How to save resources?

With you spend around 20 000 euros and 30 working days on the whole Data Protection Process instead of above-mentioned 70 000 euros and 215 working days. Using you have your own local GDPR Advisor to make sure everything is GDPR compliant and national laws are taken into account. You will have a consistent Data Protection Process, support and modern software to help you succeed. 

Contact us and let's get started with cost-effective Data Protection in your School!


Angelika Toivanen, Head of Marketing and Communications,