Skip to main content

Confidentiality, data protection and disclosure of information in academy trusts and schools

Data protection and information sharing affects the people you employ, through to students and any third parties you are engaged with.

You will hold, use and potentially share a wide variety of personal information about the people you employ through to your pupils and students and any third parties you are engaged with. The costs and risks of mismanaging data are high; with high fines, reputational issues and even criminal penalties should things go wrong.

The General Data Protection Regulation (GDPR), which came into effect in May 2018 superseded the Data Protection Act 1998. It revolutionises data protection and has a potentially huge impact on UK schools, academies and colleges. With it comes significant change and a culture of privacy that must be embedded within your organisation. Those in breach of the GDPR will face heavy financial penalties of up to €20 million or 4% of global turnover, whichever is highest.

Our expert team of lawyers advise and assist schools on the approach you should be taking to handling data within your organisation. We advise on all areas of information law from the implications of data protection to the Freedom of Information Act.

What we do...

  • Draft and review of contracts – we support our clients in drafting and reviewing contracts, licensing agreements, service agreements, privacy notices, and other policies and procedures to help ensure compliance with European data protection rules.

  • Developments in privacy laws and guidance - we regularly advise clients on the implications of developments in privacy laws and guidance. 

  • Supporting data breach management - we have extensive experience of providing legal support to clients at all stages, including preparation and prevention, training, crisis management and resolution and recovery. We have strong connections with third parties who can provide specialist non-legal support, for example, threat intelligence, IT security specialists, public relations and credit monitoring. We can manage the process to ensure a coordinated approach protected by legal privilege. 

  • Supporting privacy related litigation - we advise clients who are bringing or defending civil actions for breach of data protection, breach of confidence and for misuse of private information. We defend clients under investigation for criminal offences related to unlawful use of personal information. We also support victims of data crime or those have acted as witnesses in criminal investigations. 

  • The General Data Protection Regulation (GDPR) - we understand how the GDPR impacts UK businesses and are working with clients to lead efforts on their GDPR and cyber-security compliance programmes. 

  • Training and updates - we offer bespoke on-site training on data protection and cybersecurity issues. Our wider programme of training and legal updates also enables you to stay informed on developments in privacy laws and guidance. 

  • Responding to and undertaking law enforcement requests for access to personal data - we advise on managing requests for information from a wide range of law enforcement bodies. We have advised clients on complying with mandatory and discretionary requests. In doing so, we are always mindful of the risks arising from the Freedom of Information Act. 

  • Data protection audit - we offer a range of auditing services advising organisations on their internal approach to data protection and privacy and data breach. We manage the registration and renewal process for notifications with the Information Commissioner’s Office (ICO). 

Featured experience

A national public body

Advising a national public body on its policy in dealing with FOI requests. The client received confidential information alleging the misuse of public money and was concerned to ensure it was able to keep the identity of those providing such information confidential.

DPA compliance

Ensuring DPA compliance when our client’s auditors raised concerns over their compliance with all the provisions of the Data Protection Act 1998.

A group of schools

Supported a group of schools in drafting a Memorandum of Understanding as part of the process of moving towards formal collaborations. The work has involved dealing with the sensitivities of individual schools who, whilst aware of each other in an informal way, have not had the relationship of trust that includes sharing sensitive data for a greater good.

A school

Advising a school on the subsequent application under the Data Protection Act for sight of an allegation that a staff member had entered into a relationship with the pupil at the school a number of years earlier. We gave full support to the school, advising on the employment law issues and on the complaint by the staff member regarding the details to be noted on their personnel file.

Related expertise

Key contacts

You may be interested in...


Some Video

Example video alt text
Watch the video

Example transcript 

Lorem ipsum dolor sit amet consectetur adipiscing elit primis, placerat maecenas pharetra sed mattis eget integer dignissim, convallis conubia nunc purus leo ultrices est. Ad ullamcorper potenti commodo erat inceptos condimentum odio, ut cursus iaculis quam a leo pharetra, per curabitur duis accumsan nisl ac. Hendrerit ultricies aliquam malesuada nulla vivamus lectus ridiculus litora suscipit parturient nam, odio purus facilisis ornare aptent ante justo pulvinar ultrices semper.

Tempus convallis pellentesque semper egestas posuere vulputate magnis nunc, nostra torquent vitae odio accumsan ac ornare aliquet arcu, eu habitant orci dis luctus sagittis ridiculus. Ad varius laoreet lacus nam ultrices orci purus non, hac sagittis mus consequat tempus phasellus tristique turpis, egestas condimentum velit fames placerat litora mattis. Quisque conubia non dictumst aliquet hendrerit praesent arcu dui natoque, etiam ullamcorper libero ligula per enim id nec fusce lacinia, consequat commodo rhoncus gravida tempor aenean donec ut.