Our specialist information law team provides cost-effective and novel solutions to all educational institutions on privacy, data protection, GDPR, freedom of information, data transfer challenges and data breaches.

Information law is a fast moving and complex legal landscape which calls for specialists not generalists.

Our Information law team is led by a core of Information lawyers with specialist qualifications and long-standing expertise. The team has sector-specific experience and works alongside education lawyers to deliver truly practical and cost-effective solutions to help you navigate the Information Law regulatory maze.

Our Information Law team provides legal advice, support and training (both face to face and online) through novel and flexibly priced options so our education clients can pick and choose a level of service that suits.

We provide full spectrum advice and support in the education sector, including:

Legal advice

On compliance with your obligations under data protection, GDPR, Privacy and Electronic Communications Regulations (PECR) and planning for the ePrivacy Regulation (set to replace PECR) and freedom of Information law.

Data breach management service

Including technical cyber breaches, reporting a breach, and what you need to do before a breach occurs.

Data protection audits and health checks

The aim of the GDPR audit or health check is to determine and assess your organisation’s level of compliance. Our methodologies have been honed by our specialist lawyers to efficiently capture information about how your organisation handles personal data so that you get a picture of how compliant you are with law.

ISBA Data Protection Health Check

Built for and in partnership with the Independent Schools’ Bursars Association. This service has been specifically created to offer independent schools that are members of ISBA a cost effective but extremely thorough alternative to a full data protection audit. For more information please follow the link below.

Staff Training

This training includes bespoke, standard, face to face and online training. We also provide truly bespoke online training to reflect your local policies and procedures. Please see our training in data protection and freedom of information page for more information.

Data transfer challenges

We can advise on all stages of the transfer of data – from ensuring that the appropriate consents / notices are in place to drafting agreements that may be necessary in specific circumstances.

Outsourcing of data processing

We can advise on, and draft data protection contract clauses and data processor agreements.

Data Sharing Agreements

For independent controller to independent controller sharing or joint controller arrangements.

Drafting bespoke data protection policies

Agile/remote working policies, privacy notices and consent mechanisms.

Direct marketing

Fundraising campaigns, cookies and website compliance.

Data Subject Access Requests

This includes other legal rights under GDPR, requests under Freedom of Information Act and Environmental Information Regulations and Reuse of Public Sector Information Regulations.

Photographs, video, social networking, Artificial Intelligence (AI) and use of biometrics

Understand the dos and don’ts of CCTV, biometric data and data sharing.

Data Security

Data Protection Impact Assessments, pseudonymisation and anonymisation and data security measures

The law and practice referred to in this article or webinar has been paraphrased or summarised. It might not be up-to-date with changes in the law and we do not guarantee the accuracy of any information provided at the time of reading. It should not be construed or relied upon as legal advice in relation to a specific set of circumstances.