Please note: this event is now fully booked. There are spaces available for the session on 2 May.
Alternatively please contact Events to be put on a waiting list.
The training will cover data protection basics as well as 'high risk' areas such as information security and sharing personal data.
This seminar will cover issues specific to independent schools such as:
- Subject access requests (SARs) made by pupils, parents, staff and others. Individuals are increasingly making SARs for tactical reasons in order to try and force disclosure of information which might assist them in a dispute with a school. Our training includes practical guidance on how best to manage these requests as well as advice on how to apply the exemptions from disclosure.
- Specific issues around children and data protection, such as consent, health and social services records and under what circumstances information should be withheld from parents/guardians.
- Staff and pupil references.
- Monitoring of staff and pupils. For example, keeping track of staff and pupil internet use, reading staff emails, CCTV and under what circumstances it is permissible to make covert (secret) recordings.
- The data protection implications of new technology including home/remote working (so called 'bring your own device to work'), website security, use of tablets/mobiles by staff and storing information in the 'the cloud'.
In addition, the training will look at the steps which schools should be taking around compliance with the GDPR (General Data Protection Regulation) which is set to replace the DPA from May next year. This will include:
- How to carry out a data audit (often the first step towards GDPR compliance)
- The additional GDPR information security requirements (eg, "privacy by design", data minimisation etc)
- The GDPR transparency requirements; Specific problem areas such as marketing and fundraising consents
- How to manage data breaches (the GDPR introduces a requirement to report breaches within 72 hours)
- New data subject rights such as the "right to be forgotten"
- The GDPR record keeping requirements.
Data protection is becoming increasingly important. The consequences of getting it wrong can include fines of up to £500,000 and compensation payments. Once the GDPR applies the maximum fines will increase to the higher of £17 million or 4% of worldwide turnover.
The risks have increased recently as new technology and ways of working have meant that schools are handling information in ever more sophisticated ways. Pupils, parents and staff are also increasingly aware of their information rights and appear more willing to report non-compliance on the part of schools to the Information Commissioner (who regulates data protection).
We will provide an interactive session incorporating case studies based on real examples and group problem sharing, with a strong focus on practical solutions.
The training will give delegates a practical understanding of how data protection issues should be managed in an independent schools context.
The cost of attending the session is £166.67+VAT (£200 incl.VAT) which includes a copy of the seminar materials (slides and case studies).
For more information regarding this course, please contact our Events team.