This session provides a strategic overview of UK GDPR tailored specifically for school governors and trustees. It focuses on governance responsibilities, accountability, and the role governors play in ensuring their school or trust manages personal data lawfully and effectively.

Designed at a non-operational level, the session equips governors with the knowledge to provide appropriate oversight, challenge, and assurance in relation to data protection compliance.

What this course contains

The course introduces the key elements of UK GDPR from a governance perspective, including:

• An overview of UK GDPR and the importance of accountability.
• The role of the Data Protection Officer (DPO) and how governors should engage with them.
• Key compliance areas, including Subject Access Requests (SARs), Freedom of Information (FOI) requests, data breaches, and Data Protection Impact Assessments (DPIAs).
• Understanding what constitutes a data breach and when notification is required.
• The risks of non-compliance, including regulatory action, complaints, and reputational damage.
• Practical steps governors can take to monitor compliance and provide effective oversight.
• Real-world scenarios and questions to support understanding and challenge.

Intended outcomes:

By the end of the session, participants will:

1. Understand the key principles of UK GDPR and the concept of accountability.
2. Be aware of the governor’s role in overseeing data protection compliance.
3. Recognise key risk areas, including SARs, FOIs, data breaches, and DPIAs.
4. Gain confidence in asking the right questions and providing effective challenge and support.

There is no formal assessment. A live Q&A will be available throughout the session to support discussion and practical application