I have had the pleasure of being part of implementing GDPR in over 20 international schools in almost 20 countries.

2/3 of those countries have been within the EU and the rest have been non-EU.


The "GDPR Goes to School" Method™, with its focus on data diagramming/mapping and the Record of Processing Activity, is the result.


My thanks go out to all of the wonderful people who have given such valuable guidance and feedback.





GDPR found me instead of the other way around. In November of 2017, I received a call asking if I could come to Croatia to help a group of international schools get ready for a new regulation, the General Data Protection Regulation (GDPR) aimed at protecting data privacy.

I thought this was another in a long line of typical "compliance" projects I had done throughout my career as a CPA and program manager, but I was wrong. It turns out that GDPR is much more than compliance and is an idea whose time has come.


Data privacy, in the age of the remote learning in schools, affects everything.

I have found thata working on data privacy is deeply meaningful and of great value to everyone. I am eager to share my knowledge, expertise and "how to" with you. The purpose of this website is to introduce you to GDPR, or data privacy, and help you implement a program at your school.

Our focus is on schools and K-12 education so all the information, guidance and templates are customized for schools. Training and examples are focused on school-specific needs.

Let's get started!

Sylvia Gillpatrick, CPA, MBA and DPO (Data Protection Officer)


I earned an undergraduate degree, BS in Psychology, from the University of California (UCLA) and an MBA, majoring in Business and Accounting, from the University of Oregon (U of O). After receiving my graduate degree, I worked for Deloitte, an international accounting firm, and became a Certified Public Accountant (CPA).  I held both Series 7 and 6 certifications while working in financial services and earned a Professional Management Professional (PMP) certification, the foundation of my consulting career.

The most recent addition to my credentials is becoming a certified Data Protection Officer (DPO). This certification indicates a professional level of understanding of GDPR and data privacy in general. GDPR articulates a specific role and work requirements for a Data Protection Officer.

Over the course of my career, I have implemented several accounting systems and many large scale technology projects at the local, state and Federal level. My background in K-12 education is extensive, spanning 20 years. At the district and school level, my accomplishments include implementing numerous curriculum alignments, several large scale, statewide assessments and school improvement programs.

This background has enabled me to create the GDPR Goes to School Method, a school-specific, program that can be implemented -- without experts -- by typical school personnel, within months. Great deal all around!

What's Coming Next

I have collaborated with other groups of international schools, including the law department at Maastricht University, offering a customized Data Protection Officer (DPO) certification. I am also the co-host and organizer of an annual conference, Privacy by Design. The goal of this conference is to "design privacy into" our thinking and development of programs. Our goal is to reach a point where respect for data privacy is embedded in our lives and sustainable, throughout the world.