SK logo
March 20, 2020

Information Law

Information Law

Our specialist information law team provides cost-effective and novel solutions to all educational institutions on privacy, data protection, GDPR, freedom of information, data transfer challenges and data breaches.

Information law is a fast moving and complex legal landscape which calls for specialists not generalists.

Our Information law team is led by a core of Information lawyers with specialist qualifications and long-standing expertise. The team has sector-specific experience and works alongside education lawyers to deliver truly practical and cost-effective solutions to help you navigate the Information Law regulatory maze.

Our Information Law team provides legal advice, support and training (both face to face and online) through novel and flexibly priced options so our education clients can pick and choose a level of service that suits.

We provide full spectrum advice and support in the education sector.

We provide a wide range of state of the art digital template documentation available individually or as bundles. For example, Privacy Notices, Data Protection Policy, BYOD Policy, DPIA, ROPA, Retention Policy and consent mechanisms.

Find out more about our Infomation Law Template Policies here

Legal advice

On compliance with your data protection obligations under both the EU GDPR and UK GDPR, the Data Protection Act 2018, Privacy and Electronic Communications Regulations (PECR) and planning for the ePrivacy Regulation (set to replace PECR) and freedom of Information law.

Data breach management service

We are experienced in managing different types of data breach including technical cyber breaches; we can assist in preventing, managing and reporting data breaches.

Data protection audits and health checks

We are experienced in delivering full  GDPR audits and the “lighter touch” compliance “health check” so you get a clear picture of your organisation’s level of compliance and any steps required to achieve compliance. Our methodologies have been honed by our specialist lawyers over many years in the field, to efficiently and accurately capture information about how educational organisations handle personal data and  where the trip wires lie.

ISBA Data Protection Health Check

Built for and in partnership with the Independent Schools’ Bursars Association (ISBA). This service has been specifically created to offer independent schools that are members of ISBA a cost effective alternative to a full data protection audit and our Stone King health check.

Staff Training

Our Information Law team provide novel and effective training to help your organisation comply with GDPR and most importantly reduce the likelihood of staff committing data breaches. We offer bespoke, standard, face to face, online and blended learning. We also provide truly bespoke online training to reflect your local policies and procedures. Please see our training in data protection and freedom of information page for more information. If you subscribe toDPOGuardian or DPOSentinel you can also select all staff data protection training that is assessed and role-based delivered through our partner Tenjin (

Data transfer challenges

Transfers of personal data from the UK are inevitable and raise data protection compliance issues. The legal landscape relating to international data transfers is fast moving and complex. We can help with ensuring that the appropriate consents / notices are in place to drafting agreements that may be necessary in specific circumstances. We can also prepare Data Transfer Impact Assessments (DTIA/TIA) to help you assess whether personal data being transferred will be adequately protected.

Outsourcing of data processing

We advise on relationships with third parties (e.g. Data Controller to Data Processor arrangements; Independent Controller to Independent Controller arrangements; Joint Controller arrangements) and drafting Data Processing Agreements and Data Sharing Agreements.

Data Sharing Agreements

For independent controller to independent controller sharing or joint controller arrangements.

Drafting bespoke data protection policies

We can draft bespoke data protection policies, privacy notices and consent mechanisms etc.

Website Cookie Compliance

Advice on compliance with website cookie compliance

Direct marketing and Fundraising

We can advise on your fundraising and direct marketing campaigns including compliance with ICO Direct Marketing guidance and Code of Practice, legal basis for direct marketing etc.

Data Subject Access Requests

We are experienced in dealing with tricky requests for information under GDPR,  Freedom of Information Act and Environmental Information Regulations and Reuse of Public Sector Information Regulations.

Photographs, video, social networking, Artificial Intelligence (AI) and use of biometrics

Understand the dos and don’ts of CCTV, processing of biometric data and data sharing.

Data Security

Data Protection Impact Assessments, pseudonymisation and anonymisation and data security measures

To give flexibility you can access our Information Law services in a variety of ways; contact us only when you need us or subscribe to one of our three “next generation” Information Law Retainers, each offering varying levels of support. DPOSentinel is our most intensive service, ideally suited to MATs or if you have no DPO or require more support; DPOGuardian is DPO support service aimed at supporting your own Data Protection Officer/Lead. DPOLookOut is our entry-level service. Depending on which option you select you can access different amounts of legal advice, staff data protection training, access to a state of the art Information Law ToolKit containing digital template policies, privacy notices, consent mechanisms etc. an annual Data Protection Compliance Review and Information Law webinars. Compare prices and services Find out more here

Paula Williamson
0121 201 3689
Click here to email Paula