Skip to main content
  • About
  • News & Insights
  • Careers
  • International
0808 291 3524
Dialog that contains search functionality
Irwin Mitchell Logo
  • Personal
    • Personal
    • Personal Home
    • Personal Injury Claims
      • Personal Injury Claims
      • Personal Injury Claims Home
      • Abuse Claims
      • Accidents In Public Places Claims
      • Criminal Injury Compensation Claims
      • Accident At Work Claims
      • Air, Rail & Maritime Claims
      • Asbestos & Mesothelioma Claims
      • Changing Solicitors During a Personal Injury Claim
      • Group Claims
      • Holiday Accidents & Illness Claims
      • Illness Compensation Claims
      • Industrial Disease Claims
      • Injury Types
      • Military Injury Compensation Claims
      • No Win No Fee Personal Injury Claims
      • Personal Injury Claims In Scotland
      • How To Claim Compensation For Personal Injury
      • Product Liability Claims
      • Road Traffic Accident Claims
      • Serious Injury Claims
      • Who Can Help?
      • Support Services
    • Medical Negligence Claims
      • Medical Negligence Claims
      • Medical Negligence Claims Home
      • Cancer Misdiagnosis Claims
      • Birth Injury Claims
      • Cauda Equina Syndrome Claims
      • Never Event Claims
      • Ambulance & Paramedic Medical Negligence Claims
      • Cosmetic Surgery Claims
      • Private Healthcare Claims
      • Cerebral Palsy Claims
      • Defective Medical Device Claims
      • Dental Negligence Claims
      • Diabetes Misdiagnosis Claims
      • Fatal Medical Negligence Claims & Inquests
      • GP Negligence Claims
      • Hospital Negligence Claims
      • What Is Medical Negligence?
      • Meningitis Misdiagnosis Claims
      • Failure To Prevent Suicide Claims
      • Misdiagnosis Claims
      • Ophthalmic Negligence Claims
      • Pregnancy & Gynaecology Injury Claims
      • Sepsis Negligence Claims
      • Pharmacy And Medication Negligence Claims
      • Shrewsbury & Telford Hospital NHS Trust Maternity Care Claims
      • Stroke Misdiagnosis Claims
      • Surgery Compensation Claims
    • Counselling
      • Counselling
      • Counselling Home
      • Counselling Myths Dispelled
    • Family Law
      • Family Law
      • Family Law Home
      • Divorce Solicitors
      • Prenuptial & Postnuptial Agreement Solicitors
      • Child Abduction Solicitors
      • Civil Partnership Solicitors
      • LGBT+ Family Law Solicitors
      • Unmarried Couples' Rights
      • Divorce Financial Settlement Solicitors
      • Child Arrangement Orders
      • Family Mediation
      • Out of Court Divorce Solicitors
      • Separation Agreement Solicitors
      • Adoption & Surrogacy Solicitors
    • Wills, Trusts & Estates
      • Wills, Trusts & Estates
      • Wills, Trusts & Estates Home
      • Estate Planning Solicitors
      • Powers Of Attorney
      • Trusts
      • Will Writing Services
      • Will Disputes & Contentious Probate
    • Conveyancing & Property Solicitors
      • Conveyancing & Property Solicitors
      • Conveyancing & Property Solicitors Home
      • Conveyancing Fees Calculator
      • Buying A Property
      • Selling A Property
      • Remortgage
      • Transfer Of Equity
      • Buy To Let
      • Freehold Purchase (Leasehold Enfranchisement) Solicitors
      • Lease Extension Solicitors
      • Conveyancing Guide
      • Residential Property Disputes
    • Tax
      • Tax
      • Tax Home
      • Business Tax
      • Inheritance Tax
      • International Tax
      • Professional Negligence
      • HMRC Tax Investigations
      • Tax Disputes & Litigation
      • Tax Residence
      • Tax Returns & Compliance
      • UK Resident Non-Doms
      • Wealth Structuring
    • Probate
      • Probate
      • Probate Home
      • International Probate
      • Probate Sale Conveyancing
      • What Is Probate & How Does It Work?
    • Will, Trust & Estate Disputes
      • Will, Trust & Estate Disputes
      • Will, Trust & Estate Disputes Home
      • Trust Disputes
      • Inheritance Act Claims
      • Contesting A Will
      • Contentious Probate
      • Pre-Death Agreements
      • Professional Negligence
      • Challenging A Lifetime Gift
      • Financial Abuse
      • Statutory Will Disputes
      • Defending A Contested Will
    • Employment Solicitors
      • Employment Solicitors
      • Employment Solicitors Home
      • Employment Contract Solicitors
      • Employment Disputes
      • Dismissal & Redundancy Solicitors
      • Employment Discrimination Solicitors
      • Employment Lawyers for Legal Expenses Insurance
      • Harassment & Bullying At Work Solicitors
      • Parental & Family Friendly Employment Rights
      • Professional Discipline Solicitors
      • Recruitment & Promotion
      • Senior Executive Employment Lawyers
      • Settlement Agreements
      • Whistleblowing Solicitors
    • Elderly Legal Services
    • Protecting Your Rights
      • Protecting Your Rights
      • Protecting Your Rights Home
      • Actions Against The Police
      • Inquests
      • Environmental & Planning Law
      • Assessment & Treatment Unit Solicitors
      • Data Protection Breach Claims
      • Education Law
      • Healthcare & Social Services
      • Human Rights
      • Judicial Review
      • Mental Capacity
      • Professional Regulation & Discipline
      • Dispute Resolution
      • Legal Aid
    • Immigration Solicitors
      • Immigration Solicitors
      • Immigration Solicitors Home
      • British Citizenship & Naturalisation Solicitors
      • EU & EEA Immigration Solicitors
      • Indefinite Leave To Remain Solicitors
      • Spouse Visa Solicitors
      • Innovator Visa
      • Permanent Residence Solicitors
      • Business Immigration Solicitors
    • Crime & Investigations
      • Crime & Investigations
      • Crime & Investigations Home
      • Crime
      • Fraud & Financial Crime
      • Court Martial Solicitors
      • Motoring Offences Legal Advice
      • Regulatory Investigations & Enforcement
    • Insolvency
      • Insolvency
      • Insolvency Home
      • Business Restructuring & Insolvency
      • Debt Consultancy
      • Insolvency Disputes & Litigation
    • Court Of Protection
      • Court Of Protection
      • Court Of Protection Home
      • Court Of Protection Deputyship
      • Personal Injury Trusts
      • Court Of Protection Problems & Disputes
      • Healthcare and Social Services
      • Court of Protection Frequently Asked Questions
      • Powers Of Attorney Disputes
      • Statutory Wills Solicitors
  • Wealth Management
    • Wealth Management
    • Wealth Management Home
    • Asset Management For Personal Injury
    • Charity & Philanthropy
    • Estate Planning
    • Ethical & Sustainable Investing
    • Financial Planning
    • Intergenerational Wealth Management
    • Investment Management
    • Retirement Financial Planning
    • Family Offices
    • Succession Planning
    • Tax Planning
  • Business
    • Business
    • Business Home
    • Sectors
      • Sectors
      • Sectors Home
      • Agriculture & Rural Business
      • Retail, Leisure & Hospitality
      • Education
      • Financial & Professional Services
      • Landed Estates
      • Manufacturing
      • Real Estate
      • Sport
      • Technology & Communications
    • Banking & Finance
      • Banking & Finance
      • Banking & Finance Home
      • Corporate Banking
      • Leveraged & Acquisition Finance
      • Real Estate Finance
      • Receivables Finance & Asset Based Lending
    • Environmental, Social & Governance
      • Environmental, Social & Governance
      • Environmental, Social & Governance Home
      • Cyber Security
      • Environment
      • Net Zero
      • Social
      • Diversity & Inclusion
      • Governance
      • International
      • ESG Legal Advisory Services
      • Legislation Library
      • Manufacturing Sector
      • Real Estate
      • Retail, Leisure and Hospitality Sector
      • Sports Sector
    • Business Crime
      • Business Crime
      • Business Crime Home
      • Anti-Bribery & Corruption
      • Asset Tracing & Recovery
      • Cartels & Illegal Price Fixing
      • Cybercrime
      • Dawn Raids
      • Deferred Prosecution Agreements
      • Extradition
      • INTERPOL Red Notices
      • Mutual Legal Assistance
      • Private Prosecution
      • Proceeds Of Crime Act
      • Unexplained Wealth Orders
      • Fraud Lawyers
      • Insider Trading & Market Abuse
      • Corporate Internal Investigations
    • Business Immigration
      • Business Immigration
      • Business Immigration Home
      • Business Visitor Visa
      • Global Business Mobility Visas
      • Innovator Visa
      • Prevention Of Illegal Working
      • Skilled Worker Visas
      • Sole Representative Of An Overseas Business
      • UK Visa Sponsor License
    • Commercial
      • Commercial
      • Commercial Home
      • Commercial Contracts
      • Competition Law
      • GDPR & Data Protection
      • Information Technology
      • Sourcing
      • Notary Public Solicitors
    • Commercial Litigation & Dispute Resolution
      • Commercial Litigation & Dispute Resolution
      • Commercial Litigation & Dispute Resolution Home
      • Banking & Finance Litigation
      • Business Interruption Insurance Lawyers
      • Contract Disputes
      • Defamation & Reputation Management
      • International & Cross-Border Disputes
      • Commercial Debt Recovery
      • Litigation Funding
      • Professional Negligence
    • Corporate
      • Corporate
      • Corporate Home
      • Corporate Advisory
      • Equity Capital Markets
      • Mergers & Acquisitions (M&A)
      • Private Equity
      • Search Funds and Entrepreneurship Through Acquisition Lawyers
    • Costs Team
    • Employment Law
      • Employment Law
      • Employment Law Home
      • Business Immigration
      • Employment Contracts, Policies & Procedures
      • Disciplinary & Grievance
      • Employee & Industrial Relations
      • Employment Lawyers for Legal Expenses Insurance
      • Employment Litigation & Resolution Lawyers
      • Equality, Diversity & Discrimination
      • Flexible Working Arrangements
      • Health & Safety
      • HR Advice Service - IMhrplus
      • Managing Sickness Absence
      • Pensions
      • Recruitment
      • Restrictive Covenants
      • Restructuring & Redundancy
      • Self Employment, Contractors & Agency Workers
      • Employment Seminars, Training & Updates
      • TUPE
    • In-House Counsel
    • Intellectual Property and Media
      • Intellectual Property and Media
      • Intellectual Property and Media Home
      • Defamation & Reputation Management
      • Copyright Lawyers
      • Design Rights Lawyers
      • Image Rights Lawyers
      • Online Marketplace Seller Account Or Listing Suspensions
      • Stopping IP Infringement By Sellers On Online Marketplaces
      • Patent Lawyers
      • Trade Mark Lawyers
      • Trade Secrets Lawyers
    • Legal Helpline
    • Licensing
      • Licensing
      • Licensing Home
      • Betting & Gaming Licensing
      • Event Licences
      • Alcohol Licensing
    • Pensions
      • Pensions
      • Pensions Home
      • Employment
      • Managing Death Benefit Trusts
    • Regulatory & Compliance
      • Regulatory & Compliance
      • Regulatory & Compliance Home
      • Road Transport & Operator Compliance
      • GDPR & Data Protection
      • Regulatory Investigations
      • Account Freezing Orders
      • Anti-Money Laundering
      • Companies House Prosecutions
      • Environment & Safety Regulatory Compliance
      • Financial Services Regulation
    • Real Estate
      • Real Estate
      • Real Estate Home
      • Corporate Occupiers
      • Real Estate Development and Regeneration
      • Construction & Engineering
      • Environmental
      • Real Estate Finance
      • Real Estate Investment
      • Later Living & Care
      • Planning
      • Property Litigation & Real Estate Disputes
      • Real Estate Tax
      • Residential Development
      • Strategic Land
      • Structured Real Estate
    • Restructuring & Insolvency
      • Restructuring & Insolvency
      • Restructuring & Insolvency Home
      • Corporate Insolvency
      • Partnership Insolvency
      • Directors' Duties
      • Restructuring Plans
      • Debt Recovery (up to £100,000) – Pricing
      • Restructuring
    • Tax
      • Tax
      • Tax Home
      • Corporate Tax
      • Real Estate Tax
      • Tax Investigations
  • People
    • People
    • People Home
    • Search By Name
    • Search By Location
    • Search By Expertise
    • Business Management
  • Offices
    • Offices
    • Offices Home
    • Birmingham
    • Brighton
    • Bristol
    • Cambridge
    • Cardiff
    • Chichester
    • Edinburgh
    • Gatwick
    • Glasgow
    • Leeds
    • Liverpool
    • London
    • Manchester
    • Middlesbrough
    • Newbury
    • Newcastle
    • North Yorkshire
    • Nottingham
    • Reading
    • Sheffield
    • Southampton
  • Contact
  • About
  • News & Insights
  • Careers
  • International
Irwin Mitchell Logo
Dialog with Irwin Mitchell phone number
Call us on 0808 291 3524

We're here 24/7, 365 days a year.

  • Home
  • News & Insights
  • Newsletters
  • Education Update
  • Legal Briefing - 21 April 2017

Legal Briefing - 21 April 2017

Data Protection – important issues affecting your school

There has been a recent 40% increase in reported data breaches in the education sector according to the Information Commissioners Office (“ICO”) yet a Government report showed that out of 13 sectors, the education sector spend the least on data security.

New initiatives such as use of body cameras in schools will raise new data protection issues.

In light of these findings, data protection compliance will need to be high on the agenda for schools.
The current data protection regime is being completely overhauled by the General Data Protection Regulation (“GDPR”) and you will have until 25 May 2018 to get your data fit for purpose and to comply with the new legislation.

How does it apply to schools?

GDPR will apply to all schools (including independent schools) and academies and it will also apply to any supplier you use to manage your data. Relevant data you may hold includes:

  • Staff and student files – both paper and online
  • Academic results and records
  • Student and Parent contact details
  • Attendance data
  • Medical and special education needs information
  • CCTV or other surveillance including any future use of body cameras

 

Specific issues for children’s data

Schools are in the unique position of processing large amounts of data about students under the age of 18. The position is relatively straightforward when dealing with younger children as you can get parental consent and engage with parents about how data is used. Once the student gets to a certain age, however, you have to explain to them how their data is used and potentially get their consent. This age is not set by the GDPR – it is to be set by the ICO. We don’t yet know where the line will be drawn but it could be as low as 13. What is clear is that it will be essential for schools to understand when they need to engage with parents and when they need to engage with the student. It will also be essential that your data protection information is clear and understandable to students as well as parents.

Isn’t this European Legislation and doesn’t Brexit mean schools won’t need to do anything?

Even though the GDPR is a European legislation, the government have confirmed that it will still apply after Brexit. If you have put your compliance on hold following the referendum, now is the time to restart it.

What happens if schools don’t comply?

Schools will be liable for breaches of the GDPR and will be subject to fines. Academies, free schools and independent schools will be treated in the same way as businesses and will be subject to potential fines of up to €20 million or 4% of annual worldwide turnover. In some ways schools are in a worse position than businesses as noncompliance with data protection law can be criticised by Ofsted and used as an indicator of poor data management in an Ofsted report.
Schools may also receive complaints from parents and investigation by the ICO for any breaches or improper management.

What are the key changes that will affect schools?

1 Your policies and procedures must be transparent
A key theme of the GDPR is transparency. You need to be clear with individuals how you are using their personal data. The GDPR extends the list of information that must be provided to individuals and how this information is communicated to staff, parents and students must be carefully considered as any communication must be understandable by its intended audience. This is particularly important in the context of students. Your privacy policies and notices will therefore need to be reviewed and are likely to need amending.


2 Individuals will have greater rights to request information
An individual’s right to access their data will be extended and you will be required to respond to requests more quickly.

The information that can be requested will be more extensive than that required under Freedom of Information requests, which we are aware schools are increasingly receiving. In addition, you won’t be able to charge a fee for responding and individuals will also have the right to have their data transferred and the right to have their data corrected.

3 You must notify the ICO about certain breaches
Certain data breaches which impact on privacy will have to be notified to the ICO and the individuals affected within 72 hours of it happening. A data breach can be something as simple as putting the wrong letter in the wrong envelope. You will need to monitor your systems to know whether or not there has been a breach and put a reporting mechanism in place to pick these up.

4 The grounds under which you can lawfully processing information are changing
Under the GDPR you will need to know what data you have, how you use it and be able to demonstrate that your use is permitted by falling within specified “lawful purposes”. One of these is that the individual has given you consent but this will be much harder to get. Under the GDPR any consent must be “freely given and informed”. Individuals will be able to easily withdraw their consent and you will also need to periodically refresh any consents given.

5 You may have to appoint a data protection officer
The GDPR will require that certain data controllers and processors must appoint a DPO. It is not yet clear if this will affect all schools, but even if it is not compulsory, it is best practice to appoint someone with knowledge about and responsibility for data protection who can help you to prepare for the changes.

6 You must be able to demonstrate that you have complied with the new requirements
You not only need to make sure you are doing the correct things to comply with GDPR, but must also have evidence to demonstrate that you have done so. It is essential that you maintain proper records and a clear paper trial to prove this.

7 You should train your staff and managers to ensure that they understand how the GDPR will impact on your school
Staff will need to understand the requirements of GDPR. In particular, key decision makers such as governors and trustees will require training. We recommend that you set aside additional management time and budget to meet the additional training requirements needed to get stakeholders up to speed. Actions required for GDPR compliance will be more burdensome than under the current regime and you can’t afford to be complacent.

We can help you

The Education Team at Irwin Mitchell have specialist data protection lawyers who are here to help every step of the way to help you understand what the requirements of the GDPR mean for your school and how to achieve compliance.

To learn more about what you will need to do and for a checklist of key things you need to start thinking about now, please contact:
Joanne Bone on 0113 218 6429 or by email at joanne.bone@irwinmitchell.com

For general enquiries

0808 291 3524

Or we can call you back at a time of your choice

Phone lines are open 24/7, 365 days a year

Contact us today

For a free initial consultation

Freephone

0808 291 3524

Prefer not to call?

Use our form

This data will only be used by Irwin Mitchell for processing your query and for no other purpose.

Joanne Bone
Joanne Bone Partner Meet the team

About Irwin Mitchell

Founded in Sheffield in 1912, Irwin Mitchell has always been a bit different. Our advisers really get to know the people and business that we help.

We have offices around the UK so wherever you are, our experts can help.

Contact Us

Give us a ring to speak to a member of our team in the strictest confidence. Or you can fill out our contact form and we'll ring you back.

0370 1500 100

Our phone lines are open 24/7, 365 days a year

Get a call back

Fill in your details below and we'll be in touch as soon as possible

This data will only be used by Irwin Mitchell for processing your query and for no other purpose.

  • Contact
  • 0370 1500 100
  • Contact Irwin Mitchell
  • Social Media
  • Twitter
  • Facebook
  • YouTube
  • LinkedIn
  • Instagram
  • About Irwin Mitchell
  • About Us
  • Responsible Business
  • Careers
  • Business Management
  • Alumni Programme
  • Pay A Bill
  • Complaints Procedure
  • SRA Regulated
  • Terms & Conditions
  • Accessibility
  • Privacy & Security
  • Hoaxes
  • Modern Slavery Act Statement
  • Manage Cookie Settings

© 2025  Irwin Mitchell LLP

Irwin Mitchell LLP is authorised & regulated by the Solicitors Regulation Authority. Our Regulatory Information

Dialog that contains a form to request a callback.

Request A Callback

Enter your details below and a member of our team will contact you within 24 hours

This data will only be used by Irwin Mitchell for processing your query and for no other purpose.