Chris Billington and Sue King, partners within Wrigleys SolicitorsSchools will need to take a number of steps to ensure compliance ahead of the May 2018 deadline for GDPR. As a first step you should identify the types of personal data held by your school and the reasons why you process data relating to pupils and parents, employees, contacts and other members of the public. From this starting point your school should consider whether such processing is lawful and otherwise carried out in accordance with the requirements of GDPR.
Failure to comply with the GDPR could lead to significant financial penalties being imposed on your school so it is critical that you review all data protection arrangements at a strategic level. This session is all about being GDPR-compliant.
Take home points:
Chris and Sue will focus on:
- understanding your obligations under the GDPR;
- designing and implementing data mapping exercises to identify personal data held by your school and third parties and the processing carried out on your behalf;
- preparing the documents required to demonstrate compliance with the new legislation, including;
- privacy notices;
- data protection policies;
- data protection agreements with third parties;
- untangling the knotty issue of consent including when consent to the processing of personal data is required and how it should be obtained.
SBMs – in schools or academies – and other members of SLT who wish to gain a better understanding of the new legislation. Bring your questions and qualms and we will aim to unravel some myths for you.
View the presentation