We regularly advise our education clients on data protection issues and provide training to governors/trustees about their obligations as data controllers under the Data Protection Act.
Within our training programmes, we have covered the following aspects:-
- Basic definitions – what does ‘consent’ mean in data protection?;
- Obligation of schools as data controllers;
- Rights of parents and pupils;
- Dealing with third-party requests for information and data sharing;
- Dealing with data breaches;
- Use of cloud services;
- Data retention;
- Security; and
- Data protection policies and privacy notices – what should they contain
We offer bespoke data protection audits which allows the organisation to gain an up-to-date and accurate picture of their compliance along with their obligations as a data controller. This will include recommendations as to any changes to data protection or privacy policies, procedures for handling SAR’s and any procedural/structural changes such as the appointment of a data protection officer.
We assist with subject access requests (“SARS”), from the provision of template letters to aid response, through to providing guidance on what is disclosable and what needs censoring. We also provide advice and support in respect of third party disclosures, and what is permissible under the Data Protection Act,
Also, we regularly advise our clients in relation to the receipt of Freedom of Information Requests, the time limits for responding to such requests and the use of any applicable exemptions.
What to do if there is a Data Protection Act breach
This can include liaison with those who have been affected by the breach and with official agencies such as the local authority and Information Commissioner, including being proactive in remedying and resolving any issues as they arise.
Contact our education experts today