The training will cover data protection basics as well as 'high risk' areas such as information security and sharing personal data.
We will cover issues specific to independent schools such as:
• Data subject rights including subject access requests (SARs) made by pupils, parents, staff and others. SARs are often made for tactical reasons in order to try and force disclosure of information which might assist the requester in a dispute with a school. Our training includes practical guidance on how best to manage these requests, as well as advice on how to apply the exemptions from disclosure.
• Specific issues around children and data protection, including consent, health and social services records, and under what circumstances information should be withheld from parents/guardians.
• Staff and pupil references.
• Monitoring of staff and pupils. For example, keeping track of staff and pupil internet use, reading staff emails, CCTV and under what circumstances it is permissible to make covert (secret) recordings.
• How to ensure that your school's fundraising and development activities comply with data protection and privacy law. This includes when you need to get consent, when you can rely on "legitimate interests" and specific problem areas such as wealth screening.
We also provide practical guidance on how to comply with the GDPR and the Data Protection Act 2018:
• The GDPR information security requirements.
• Mandatory privacy enhancing techniques such as "privacy by design" and data minimisation.
• How to manage data breaches and how data protection compliance sits within your school's wider compliance framework.
• The GDPR record keeping requirements.
• Which policies and documentation are required for data protection compliance.
The consequences of getting it wrong can include fines of up to the higher of €20 million or 4% of worldwide turnover. In addition, it is now much easier for individuals to bring a claim if their data protection rights have been infringed.
The risks have increased recently as new technology and ways of working have meant that schools are handling information in ever more sophisticated ways. Pupils, parents and staff are also increasingly aware of their information rights and appear more willing to report non-compliance on the part of schools to the Information Commissioner (who regulates data protection).
We will provide an interactive session incorporating case studies based on real examples and group problem sharing, with a strong focus on practical solutions.
The training will give delegates a practical understanding of how data protection issues should be managed in an independent schools context.
The cost of attending the session is £166.67+VAT (£200 incl.VAT) which includes a copy of the seminar materials (slides and case studies).