Education Bulletin - Summer 2020

Published date23 July 2020
Subject MatterConsumer Protection, Privacy, Data Protection, Education
Law FirmWrigleys Solicitors
AuthorWrigleys Solicitors

Welcome to our Summer education bulletin.

In this issue, we highlight the recent school related case of School Facility Management Ltd and others v Governing Body of Christ the King College which provides some much needed clarity on the capacity of a maintained school to enter contracts.

Also, with schools reopening, we offer a reminder on some of the issues to be taken into consideration, including decision making by academy trusts and the requirement of your school's data protection impact assessment. In readiness for the new school year we highlight key changes in the 2020 Academies Financial Handbook whilst our continuing look at governance and exempt charity status focuses on sixth form colleges.

Our summer employment update webinar series, which takes the place of Wrigleys annual conference, includes a refresh on equality in the workplace. More regular Covid-19 updates and what that means for staff are posted to the news page on our website and linked through Twitter and LinkedIn.

DATA PROTECTION IMPACT ASSESSMENTS - A QUICK GUIDE FOR SCHOOLS

This article explores the use of DPIAs in schools, when they must be used and tips on undertaking a meaningful assessment of data protection risks.

Data Protection Impact Assessments ("DPIAs") are a crucial part of any school's data protection toolbox. DPIAs help to identify risks to personal data at the outset of a project so that the protection of personal data is a key consideration throughout delivery. DPIAs also act as a good opportunity to pause and consider the measures currently in place within a school for data protection compliance and to develop these processes on an ongoing basis.

Obligation to undertake a DPIA

A DPIA must be undertaken where there is likely to be a high risk to the rights and freedoms of a data subject resulting from a processing activity. A processing activity is a broad term to describe something the school is planning to do involving personal data.

What constitutes a high risk to the data subject's rights and freedoms will depend on the individual project, but a group of European Data Protection Authorities (including the Information Commissioner's Office from the UK) have provided guidelines on what might constitute such a risk.

Factors to be taken into account include where there is a combining of datasets (e.g. as a result of an academy joining an existing academy trust) and where there will be processing of sensitive information of a personal nature (such as health information, or trade union membership details for staff). This will be particularly relevant where a school will be gathering health information as part of its covid-19 response and school re-opening.

DPIAs are more likely to be required where...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT