Our specialist information law team provides cost-effective and novel solutions to all educational institutions on privacy, data protection, GDPR, freedom of information, data transfer challenges and data breaches.
Information law is a fast moving and complex legal landscape which calls for specialists not generalists.
Our Information law team is led by a core of Information lawyers with specialist qualifications and long-standing expertise. The team has sector-specific experience and works alongside education lawyers to deliver truly practical and cost-effective solutions to help you navigate the Information Law regulatory maze.
Our Information Law team provides legal advice, support and training (both face to face and online) through novel and flexibly priced options so our education clients can pick and choose a level of service that suits.
We provide full spectrum advice and support in the education sector, including:
- Legal advice
On compliance with your obligations under data protection, GDPR, Privacy and Electronic Communications Regulations (PECR) and planning for the ePrivacy Regulation (set to replace PECR) and freedom of Information law.
- Data breach management service
Including technical cyber breaches, reporting a breach, and what you need to do before a breach occurs.
- Data protection audits and health checks
The aim of the GDPR audit or health check is to determine and assess your organisation’s level of compliance. Our methodologies have been honed by our specialist lawyers to efficiently capture information about how your organisation handles personal data so that you get a picture of how compliant you are with law.
- ISBA Data Protection Health Check
Built for and in partnership with the Independent Schools’ Bursars Association. This service has been specifically created to offer independent schools that are members of ISBA a cost effective but extremely thorough alternative to a full data protection audit. For more information please follow the link below.
- Staff Training
This training includes bespoke, standard, face to face and online training. We also provide truly bespoke online training to reflect your local policies and procedures. Please see our training in data protection and freedom of information page for more information.
- Data transfer challenges
We can advise on all stages of the transfer of data – from ensuring that the appropriate consents / notices are in place to drafting agreements that may be necessary in specific circumstances.
- Outsourcing of data processing
We can advise on, and draft data protection contract clauses and data processor agreements.
- Data Sharing Agreements
For independent controller to independent controller sharing or joint controller arrangements.
- Drafting bespoke data protection policies
Agile/remote working policies, privacy notices and consent mechanisms.
- Direct marketing
Fundraising campaigns, cookies and website compliance.
- Data Subject Access Requests
This includes other legal rights under GDPR, requests under Freedom of Information Act and Environmental Information Regulations and Reuse of Public Sector Information Regulations.
- Photographs, video, social networking, Artificial Intelligence (AI) and use of biometrics
Understand the dos and don’ts of CCTV, biometric data and data sharing.
- Data Security
Data Protection Impact Assessments, pseudonymisation and anonymisation and data security measures