GDPR: Are you Ready?

Education Article

16 November, 2017

The General Data Protection Regulation (GDPR) will come into force in the UK from 25 May 2018 and will apply to all 'controllers' and 'processors' of 'personal data'. The education sector holds vast amounts of personal data relating to its employees and to the students and pupils who are processed into the system, as well as others who are contracted through the schools. It is advisable to become familiar with these provisions at an early stage.

The key provisions being introduced by the GDPR include:

  • Significant increase in the enforcement powers of the Information Commissioner's Office (fines will rise from a maximum of £500,000 to €20 million or 4% of annual global turnover, whichever is higher);
  • All public authorities must appoint a Data Protection Officer;
  • Changes have been made to the 'subject access request' procedure - you can no longer charge for such requests in most circumstances and the time to respond to requests has been reduced;
  • Changes are made to the definition of consent, meaning it will be harder to obtain and easier to withdraw;
  • High risk processing will require a Privacy Impact Assessment; and
  • Introduction of mandatory reporting within 72 hours in some circumstances.

How to Prepare?

The changes being introduced by the GDPR are extensive and compliance will take time to implement. We are advising that our education clients take the following steps in order to prepare:

  • Appoint a Data Protection Officer if you are required to do so;
  • Carry out an information audit to establish what personal data is held and the reasons why, where it is stored, who it is shared with, who has access to the information and how long the personal information is kept for;
  • Create a clear record of data processing activities, including consideration of whether it is necessary to obtain consent in certain circumstances and if so, how and when consent was obtained;
  • Review your existing policies, procedures and privacy notices to ensure that they are amended to comply with the GDPR;
  • Review any existing contracts that will still be ongoing in May 2018 to determine whether any amendments are required so that they are GDPR compliant; and
  • Consider what training employees will require to ensure that they are aware of the GDPR and how to comply with the rules, to reduce the risk of a breach and mitigate the consequences if there is a breach.

If you are looking for any more information with regards to our services view our Education section. You can also contact Ruth Rule-Mullen in our Education department via email or phone on 01772 220195. Alternatively send any question through to Forbes Solicitors via our online Contact Form.

