GDPR for Schools & Charities
Getting ready for the GDPR
We advise schools and charities on all aspects of compliance with the General Data Protection Regulation (GDPR), Data Protection Act 1998 and related legislation such as the Privacy and Electronic Communications Regulation 2003.
View for our 'GDPR Compliance Strategy ' document setting out the ways in which we can assist you.
Our areas of expertise include:
- advising and assisting with GDPR audits
- ad hoc GDPR compliance advice on matters such as consents, legitimate interests, data sharing agreements, privacy impact assessments
- application of the Privacy Regulations to marketing campaigns
- assistance with investigations and proceedings brought by the Information Commissioner’s Office
- contracts relating to data processing by third parties and data security
- evaluating whether you have consent or other entitlement to deal with personal data
- the interface of data protection and fundraising legislation and regulation
- transferring data overseas
- supporting data protection officers
We regularly draft and/or review a wide range of business agreements, terms and conditions and compliance policy documents for schools and charities and many of these will regulate the manner in which intellectual property rights or personal data are used. We act for schools and charities that both receive and supply goods and services, so we understand critical issues from both perspectives.
Subject Access Requests
It is common for schools and charities to receive Subject Access Requests (SARs) from service users or staff. The Data Protection Act 1998 provides living individuals with the right to request disclosure of their personal data which is being processed by the charity. This right will be preserved under the GDPR. While the purpose of this right is to check the accuracy of personal data, the motivation behind such requests may vary depending on the circumstances. SARs can generate a substantial administrative burden but we will support you so that you are not distracted from the daily business of running your organisation. We will guide you through your response to such requests, ensuring that it complies with its statutory duties and does not breach the data rights of any third party in the process. We will help you identify which data fall within the scope of the SAR, where statutory exemptions apply and in presenting the disclosure in accordance with essential statutory requirements.
Please contact one of our specialists who will be happy to discuss your matter with you:
Gordon Reid: 01483 464224
Laurie Heizler: 01483 464272
Ben Collingwood: 01483 464204