0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

data protection and information sharing

You will hold, use and potentially share a wide variety of personal information about the people you employ through to your pupils and students and any third parties you are engaged with. The costs and risks of mismanaging data are high; with high fines, reputational issues and even criminal penalties should things go wrong.

The General Data Protection Regulation (GDPR), which in May 2018 will supersede the Data Protection Act 1998, revolutionises data protection and has a potentially huge impact on UK schools, academies and colleges. With it comes significant change and a culture of privacy that must be embedded within your organisation. Those in breach of the GDPR will face heavy financial penalties of up to €20 million or 4% of global turnover, whichever is highest.

Our expert team of lawyers advise and assist schools on the approach you should be taking to handling data within your organisation. We advise on all areas of information law from the implications of data protection to the Freedom of Information Act.

what we do...

  • Draft and review of contracts – we support our clients in drafting and reviewing contracts, licensing agreements, service agreements, privacy notices, and other policies and procedures to help ensure compliance with European data protection rules.
  • Developments in privacy laws and guidance - we regularly advise clients on the implications of developments in privacy laws and guidance.
  • Supporting data breach management - we have extensive experience of providing legal support to clients at all stages, including: preparation and prevention, training, crisis management and resolution and recovery. We have strong connections with third parties who can provide specialist non-legal support, for example, threat intelligence, IT security specialists, public relations and credit monitoring. We can manage the process to ensure a coordinated approach protected by legal privilege.
  • Supporting privacy related litigation - we advise clients who are bringing or defending civil actions for breach of data protection, breach of confidence and for misuse of private information. We defend clients under investigation for criminal offences related to unlawful use of personal information. We also support victims of data crime or those have acted as witnesses in criminal investigations.
  • The General Data Protection Regulation (GDPR) - we understand how the GDPR will impact UK businesses and are working with clients to lead efforts on their GDPR and cyber-security compliance programmes.
  • Training and updates - we offer bespoke on-site training on data protection and cybersecurity issues. Our wider programme of training and legal updates also enables you to stay informed on developments in privacy laws and guidance.
  • Responding to and undertaking law enforcement requests for access to personal data - we advise on managing requests for information from a wide range of law enforcement bodies located in the. We have advised clients on complying with mandatory and discretionary requests. In doing so, we are always mindful of the risks arising from the Freedom of Information Act.
  • Data protection audit - we offer a range of auditing services advising organisations on their internal approach to data protection and privacy and data breach. We manage the registration and renewal process for notifications with the Information Commissioner’s Office (ICO).

related resources

Upcoming webinars

Optimus webinar: GDPR – the role of the data protection officer

At this Optimus organised webinar, Dai Durbridge explores what the data protection officer's role involves and how to prepare for it.

View upcoming webinars

How to implement GDPR in your school - hear from Dai Durbridge and Helena Wootton

Whether your school is an academy, a maintained school or part of a multi-academy trust, the General Data Protection Regulation (GDPR) will apply to you from 25 May 2018.


Upcoming webinars

How to implement GDPR in your school

Whether you are part of a single academy, a maintained school or a multi-academy trust, the General Data Protection Regulation will apply to your school from 25 May 2018.

View upcoming webinars

Legal updates

Ransomware - be aware

On 4 January 2017, Action Fraud, the UK’s national reporting centre for fraud and cyber-crime, issued a cyber-security alert to schools.


what our clients say....

what the directories say...

recent experience

related opinions