0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

data protection and information sharing

You will hold, use and potentially share a wide variety of personal information about the people you employ through to your pupils and students and any third parties you are engaged with. The costs and risks of mismanaging data are high; with high fines, reputational issues and even criminal penalties should things go wrong.

The General Data Protection Regulation (GDPR), which came into effect in May 2018 superseded the Data Protection Act 1998. It revolutionises data protection and has a potentially huge impact on UK schools, academies and colleges. With it comes significant change and a culture of privacy that must be embedded within your organisation. Those in breach of the GDPR will face heavy financial penalties of up to €20 million or 4% of global turnover, whichever is highest.

Our expert team of lawyers advise and assist schools on the approach you should be taking to handling data within your organisation. We advise on all areas of information law from the implications of data protection to the Freedom of Information Act.

what we do...

  • Draft and review of contracts – we support our clients in drafting and reviewing contracts, licensing agreements, service agreements, privacy notices, and other policies and procedures to help ensure compliance with European data protection rules.
  • Developments in privacy laws and guidance - we regularly advise clients on the implications of developments in privacy laws and guidance.
  • Supporting data breach management - we have extensive experience of providing legal support to clients at all stages, including: preparation and prevention, training, crisis management and resolution and recovery. We have strong connections with third parties who can provide specialist non-legal support, for example, threat intelligence, IT security specialists, public relations and credit monitoring. We can manage the process to ensure a coordinated approach protected by legal privilege.
  • Supporting privacy related litigation - we advise clients who are bringing or defending civil actions for breach of data protection, breach of confidence and for misuse of private information. We defend clients under investigation for criminal offences related to unlawful use of personal information. We also support victims of data crime or those have acted as witnesses in criminal investigations.
  • The General Data Protection Regulation (GDPR) - we understand how the GDPR impacts UK businesses and are working with clients to lead efforts on their GDPR and cyber-security compliance programmes.
  • Training and updates - we offer bespoke on-site training on data protection and cybersecurity issues. Our wider programme of training and legal updates also enables you to stay informed on developments in privacy laws and guidance.
  • Responding to and undertaking law enforcement requests for access to personal data - we advise on managing requests for information from a wide range of law enforcement bodies located in the. We have advised clients on complying with mandatory and discretionary requests. In doing so, we are always mindful of the risks arising from the Freedom of Information Act.
  • Data protection audit - we offer a range of auditing services advising organisations on their internal approach to data protection and privacy and data breach. We manage the registration and renewal process for notifications with the Information Commissioner’s Office (ICO).

related resources

Legal updates

Understanding and dealing with issues relating to parental responsibility

The DfE have recently issued an updated version of their guidance for schools about parental responsibility which can be found at ...


Legal updates

be connected newsletter for education

In this edition we will connect you with a comprehensive selection of the very latest in legal updates, news and insight from the education sector.


Legal updates

Receiving a freedom of information request

As public authorities, maintained schools and academies (and trusts) are required to respond to requests for information they hold under the Freedom of Information Act 2000.


GDPR in education - the DPO role in schools and academies

This session was aimed at those undertaking the Data Protection Officer (DPO) role in schools and academies. It focuses on making sure you are fully equipped to begin your role on 25 May and will include, knowing and disseminating your policies, staff training and raising awareness, managing Subject Access Requests (SARs) and data breaches, your training.


what our clients say....

what the directories say...

recent experience

related opinions