Training / Event Details


GDPR Awareness Training

Instructor led training incorporating practical group sessions on GDPR – particularly designed for schools


Data Protection as it is now
o What Laws cover this? (DPA, CMA, PECR)
o Offences
o Penalties

The new GDPR – what is it and when does it apply?
o When passed
o When enforced
o Brexit?

What’s new in the GDPR?
o Accountability
o Privacy by Design
o Data Protection Officer
o Data Processors accountability
o Legal basis for data processing, consent etc.
o Fair Processing Notices
o Breach Notification
o Penalties
o Data transfers outside the EU

What does it mean for schools and the education industry?
o What data do you hold/process?
o Why do you hold/process this data?
o What is it used for?
o Who has access to it?
o Who is it shared with?
o Where is it stored/processed?
o How and when is it disposed of?
o Are the data subjects aware of the above?
o Profiling/automated decision making

How do you ensure compliance for your school?
o Audit of your data
o Justifying the data processing (legal basis/consent etc.)
o Privacy Impact Assessments
o Staff awareness and training
o Appointing a DPO
o Data Sharing Agreements and policies
o Privacy Notices
o Ensure you have a ‘paper trail’ as evidence
o Subject Access Requests

How do you check suppliers’ compliance?
o Accreditations? (ISO 27001 etc.)
o Contracts
o Documentation
o Data Portability (if you want to switch supplier etc.)
o Data retention periods
o Data disposal methods

How do you deal with data breaches?
o Breach Notification procedure
o Incident Response Plans
o Responsibility within school?
o Liability minimisation

How do you deal with Subject Access Requests?
o SAR procedure
o Responsibility within school?
o Working with your suppliers to fulfil SARs
o Data minimisation & retention

o Summary of the elements covered in the course

o Presentation of the GDPR software solution

o Q&A session


The GDPR (General Data Protection Regulation) will apply in the UK from 25th May 2018, changing the way schools manage and look after data and information; from paper in filing cabinets, through to the retention of student/staff records to monitoring day-to-day activities and security.

It is important that schools are aware of the changes and start planning their approach to GDPR compliance. Failure to comply with GDPR could see large fines issued for your school data controller.

GDPR is a complete change to current data protection and:

Strengthens & unifies data management
Makes it mandatory to report data breaches within 72 hours
3rd party data processors must be GDPR compliant
Mandates need for formal contract and/or SLA
Issue fines for non-compliance up to 20 million Euro's or 4% of global turnover
Gives control to individuals


On completion of the course delegates will have:

Awareness and understanding of the new GDPR and its impact on your organisation
The requirements GDPR will impose on you
Steps you need to take to ensure your organisation is compliant
How to ensure your suppliers are GDPR compliant
Practised practical skills you can apply in your own organisation.

Booking Information

Full day course with lunch provided, please advise of any dietary requirements.
A cancellation charge will apply if the course is cancelled within 10 days of the course taking place of the full course amount.


School senior leaders, data protection leads, compliance and governance officers, data managers, data officers, chief executives/directors from schools and MATs.

14 Mar 2018 09:15 - 16:30

Closing date: 09/03/2018
(requires login)
ICT Services for Education
Contact Provider

Date and Time

14 Mar 2018 09:15 - 16:30


Abbey Conference Centre, Bracondale, Norwich, NR1 2DD


Tanya Allen