GDPR Statements from our trusted partners
On 25th May 2018 the GDPR regulation comes into force and will replace the existing legislation (Data Protection Act 1998) governing the use of personal data. Schools, academies and trusts have been advised by the ICO to take steps in preparation for the changes that will be introduced.
hi-impact and data protection specialists Judicium have joined forces to offer schools a unique and comprehensive range of GDPR services. These services will firstly support your school with achieving confidence and compliance in all matters of data protection, ensure all staff are trained on their responsibilities with personal data, and then support your ongoing GDPR compliance through the provision of a designated Data Protection Officer.
Who are Judicium Education?
Judicium Education is a professional services company operating in the education sector. Originally founded by a team of barristers to provide employment law advice to schools, our services have since grown to cover almost every area of professional services. We now operate in over 500 schools and are present in over 60 Local Authorities all the way from Cornwall in the South West to Hull in the North East.
Judicium Education is passionate about delivering best-of-breed services to our clients. We strongly believe that the quality of support services is a crucial factor in determining the success of a school.
Our primary objectives are threefold: to recruit the best people to work for us, to deliver the best services to our clients, and to do so with minimum intrusion and maximum effect.
We hope you’ll enjoy working with us.
Providing advice and guidance when required
We will appoint a designated consultant to manage your account. He/she will be an expert in this area and inform and advise your school or MAT, and your employees about the obligations that are required to comply with the GDPR and other data protection laws. This will be done by way of reports, information sheets and training. Telephone and email advice is also available for school or MAT leaders.
Creating and maintaining data records
We will create and maintain comprehensive records of all the data processing activities carried out by the school or MAT, including the purpose of all activities, which must be made public upon request.
Drafting data policies and procedures
We will devise and maintain policies and procedures to regulate your processing of personal data and set out how to interact with external bodies, regulatory authorities, data subjects and information seekers.
Providing training for employees
We will offer training to your employees on compliance with GDPR and other data protection laws.
Acting as the first point of contact with authorities
We will be the first point of contact for supervisory authorities and for individuals whose data is processed.
Managing Subject Access Requests and those under Freedom of Information Act
We will manage enquiries under data protection and freedom of information laws, in that we will manage the data collection process, as carried out by your employees under our direction, and draft the various correspondences with the data subjects and regulatory authorities.
Conducting an annual audit of your data processes
In addition to providing regular updates, we will carry out an annual audit to provide an assessment of whether your school or MAT is following good data protection practice. The audit will look at whether you are following your policies and procedures and make recommendations for improvements including any new guidance from the ICO.
The below is a selection of questions, recently asked by Judicium schools.
Our answers are below.
– How long should we keep Student Records for?
Student records should be kept until the pupil turns 25.
– How long should we keep HR Records for?
6 years from the date of leaving (this is the legal time limit individuals have to raise
a claim in the county court)
-How long should we keep Finance Records for (previous years)?
As above, the limitation period for financial records is also 6 years (6 years from the
end of the financial year). It is suggested to keep details of any loan payments for
12 years from the final loan payment and the employer’s liability insurance
certificate should be kept permanently.
-Should we archive the above in digital format or hard copy?
Need archiving and disposal of both digital and hard copy records. The best thing to
do is to get retention policies in place (which Judicium can provide) and then to
abide by the periods set out within.
– Should windows/internal doors with glass panes be obscured? Computer screens in the Admin office are positioned next to windows.
This isn’t a requirement. Schools can consider doing this; but provided data is
handled securely and individuals are trained to lock computers when they leave their
workstations this should be sufficient.
– Can exam information be displayed outside examination rooms? Currently a
list of students and the exam they are sitting would be displayed outside an
Yes, as it is only a name and details of the examination. Moreover, because the
purpose of the notice is to ensure that the correct students are attending the correct
examination. You could consider moving the notice to within the room; to avoid
people not entitled to view the information from seeing it. But this is not a legal
– Will the Judicium SLA cover the PTA too?
Our SLA won’t cover the PTA. They are a separate legal entity, to the school.
However, as a gesture of goodwill we will provide to the school template documents and guidance notes for its PTA. We’re happy to do this at no additional charge. However, we wouldn’t be able to advise the PTA itself.
We shall continue to update this FAQ section so please make sure you revisit to keep up to date.
If you have a GDPR question, why not CONTACT US and we can feature the answer in our FAQ
IMPORTANT : If you have an urgent, GDPR legal matter that requires immediate assistance from Judicium then please contact them directly on :
020 7336 8403