
GDPR - What Next?

on Thursday, 21 June 2018.

So the deadline of 25 May has been and gone - and all our inboxes are clogged up with privacy notices from every organisation we have ever done business with. What now?

Well, it is clear that the manner in which schools should implement the GDPR will continue to evolve.

The Information Commissioner (ICO) will continue to release guidance regarding GDPR implementation, and we can also expect advice to schools to be updated once the first court cases on the GDPR are published.

Best practice will develop as schools wrestle with the application of the GDPR in practice, and the DfE will release the updated version of their GDPR toolkit for schools.

Subject Access Requests

One recent but significant update already made by the ICO is that a subject access request (SAR) can be made verbally, and does not need to be in writing, as previously understood.

It is important that your staff are alert to this and trained to recognise what might constitute a SAR. This does create scope for individuals to assert that the clock is ticking from when a verbal request is made, or assert a breach if a request for personal information is not recognised or acted upon. We believe it is reasonable to ask individuals to confirm their request in writing, which enables clarity on the scope of any request and the timescale for a response.

Updating Your Policies

We appreciate that the uncertainty and amount of change is frustrating and burdensome. It means that although most schools have published their privacy notices and policies, these documents are likely to be subject to changes over the coming months. We will help schools make the judgment as to how often the updates should be made - balancing strict adherence with the need to avoid bombarding staff and parents with minor changes.

Keep on Top of Legal Changes

Our suite of data protection policies and privacy notices is tailored specifically for use by independent schools and addresses issues that commonly arise.

The Data Protection & GDPR module of our Compliance Toolkit has been specifically designed to help you keep on top of changes and how these should be actioned in policies and procedures.


Wish to find out more about our Compliance Toolkit? Please contact Andrew Gallie, in our Data Protection team, on 0117 314 5623.
