Documents added to our portal
We have recently added a Privacy Notice for Pupils, a one-page document designed to be easily accessible for young pupils, to our documents section. We have also introduced a booklet containing top tips and common FAQs surrounding GDPR. This can be given to staff or displayed in common areas (such as the staff room) to increase awareness. Don’t forget that there are template privacy notices and letters regarding Covid-19 and test and trace also available in our documents section.
Brexit and transfers of Data outside of the UK
As a result of Brexit, from the 1st January 2021, the UK will be a third country for the purposes of GDPR. This means that, unless the EU make a finding that the UK’s data protection levels are adequate before 1st January 2021 then alternative measures will need to be in place with third party providers in order to transfer data from Europe into the UK.
There are several alternatives available. One of the easiest to implement is Standard Contractual Clauses (SCCs) with the third party you intend sharing data with outside of the UK. For now, there is no need to do anything substantial with those third parties affected by this change. The official communication is that the UK remain hopeful an adequacy decision will be in place before the Brexit date.
But as the date draws closer, it is important to note any third parties you use that process data outside of the UK, in case an adequacy decision is not reached in time. This can be done by using a third-party data sharing register which is on our documents portal (under the section “Processing”) and then reviewing third parties privacy information as there are education providers who are affected by this change. Judicium can review providers privacy information for you and advise further if you are unsure.
In another development, a recent case on 16th July 2020 invalidated the EU-U.S Privacy Shield, a mechanism that previously made it safe for organisations to transfer data to the USA. As a result of this case, it is also important to determine whether any third parties process personal data in the USA (again there are some education providers who are affected by this). Those companies who process data within the USA will need to put in place an alternative measure (such as SCCs) and so schools should be seeking to put these provisions in place as soon as possible.
Judicium can advise further on how this may affect your school and can communicate directly with those third-party organisations on your behalf where possible
Related content
Discover how to manage the summer SAR surge, handle AI-generated requests, and remain compliant with ICO guidelines during school holiday closures.
Filtering and monitoring are now explicit data protection expectations for schools. Discover how to align your safeguarding systems with updated DfE compliance standards, manage data retention, and implement cross-functional governance across your trust.
Under the new framework, Ofsted safeguarding has shifted from checklist compliance to a live, embedded culture. Discover what inspectors are looking for on the ground and what it takes to secure a "met" judgement.
An in-depth look at External Reviews of Governance (ERGs) across maintained schools and academy trusts, exploring criteria for independent reviewers, common compliance themes, and practical next steps for boards.
Quieter campuses introduce unmonitored compliance gaps, complex safeguarding crossovers, and reduced leadership oversight. Learn how to bridge these operational gaps to ensure a seamless transition into the new term.
Prepare your school or MAT for upcoming statutory updates. Discover key shifts across online safety, mental health, and more.
Sofa Sessions | Data Protection