- About Us
- About Association of Colleges
- AoC Governance
- AoC Regions
- AoC Charitable Trust
- AoC Sport
- Our Equality, Diversity & Inclusion Work
- Our Climate and Sustainability Work
- Our Work Across the Four Nations
- AoC National Chairs' Council
- Work for AoC
- About Colleges
- Corporate Services
- Data Protection/GDPR
Employment Services - college workforce
- Employment Services - college workforce
- Introduction & Employment Helpline
- Absence & Sickness Management
- Contracts and T&Cs
- Disciplinary, Capability & Grievance
- Employment Briefings Library
- Equality, Diversity & Inclusion
- General Employee Relations & HR Issues
- Industrial Relations
- ONS reclassification related guidance
- Pay & Pensions
- Redundancy, Restructuring & TUPE
- Workforce Benchmarking, Surveys & Research
- Get Involved!
- The 5Rs Approach to GCSE Maths Resits
- Apprenticeship Workforce Development (AWD) Programme
- Creating a Greener London – Sustainable Construction Skills
- Erasmus+ EXPECT Project
- Digital Roles Across Non-digital Industries
- T Level and T Level Foundation Year Provider Support Programme
- The Valuing Enrichment Project
- Higher and Extended Project Qualifications
- OfS - Higher Education Social Prescribing Project
- Pears Foundation Youth Social Action Programme: Phase 2
- Pears #Iwill Youth Social Action Apprenticeship Project
- T Level Professional Development (TLPD) Offer
- T Level Curriculum Macro-Sequencing
- Contact the Projects Team
- Sustainability & Climate Action Hub
- Honours Nomination
- Recruitment & Consultancy
- Events & Training
- Funding & Finance
- Meet the Policy Team
- Policy Areas
- Policy Briefings
- Policy Papers & Reports
- AoC Strategy Groups
AoC Reference Groups
- AoC Reference Groups
- Adults (inc. ESOL) Reference Group
- Apprenticeship Reference Group
- Technology Reference Group
- HE Reference Group
- 14-16 Reference Group
- Mental Health Reference Group
- 16-18 Reference Group
- SEND Reference Group
- WorldSkills Reference Group
- HR Reference Group
- Sustainability & Climate Change Reference Group
- EDI Reference Group
- Research Unit
News, Campaigns & Parliament
- News, Campaigns & Parliament
- Comms advice and resources for colleges
- Contact the Communications, Media, Marketing and Research Team
- AoC Newsroom
- AoC Blogs
- Work in Parliament
- AoC Campaigns
Love Our Colleges
- Love Our Colleges
- Colleges Week 2023
- Creative Writing in FE - Developing student voice through the written word
The General Data Protection Regulation (GDPR)
How we’re supporting you
This part of AoC's website explains the main GDPR issues for colleges. We will continually update this information with key updates from the Information Commissioners Office (ICO), important dates for your calendar, useful resources, blog posts and FAQs.
Model documents have been designed alongside college's needs and are available for members here. These documents are template data protection policies that have been developed by Irwin Mitchell LLP for the Association of Colleges to assist members in relation to their obligations under the GDPR and the Data Protection Act 2018. They have been prepared on the basis of what is required by law at the date they were prepared (clearly set out on the front cover of the documents), what is good practice, and our understanding of issues common to further education colleges. These template documents are for example purposes only, may not be suitable for your circumstances and should not be considered a substitute for the advice of a lawyer. You are advised to redraft these documents as needed to meet your requirements and to take legal advice on your policy documents. You agree you use these documents at your own risk in these respects.
Learn more about our consultancy services now.
GDPR Bespoke Support for Members & FE Colleges
AoC Services are now providing tailored GDPR support. This support will can provided in your college for Data Protection Officers, implementation teams and relevant staff teams. Our specialists are now working with individual colleges to ensure that they have successfully completed their data audits, are prepared for and implementing the enforced regulations and that they fully understand the impact of the rules on staff and learners.
GDPR is now here and here to stay. Whilst we may start to hear less about “GDPR”, it will very much exist through its absorption into the Data Protection Act.
So, what now?
- What do colleges do once they’ve put their governance in place?
- What about those who are still struggling?
In order to ensure ongoing GDPR support and guidance, AoC has a consultative service for our member colleges, with regards to their data protection compliance. We hope that this will allow all of our members to springboard into compliance. We can provide you with tailored in-house training, workshops and ongoing cyber security support. The focus of our support will be about helping you to achieving effective data protection compliance and will also include the constant monitoring and reviewing of that compliance – Our members will be able to strategically maintain their compliance.
Are GDPR ready?
Top questions to ask yourself:
- Have all your contacts opted-in to receive your communications?
- Can they update their preferences easily?
- Is your website privacy statement up to date and visible?
- However your data is stored, is it backed-up?
- Who in your organisation can access this data?
- If it’s not critical to their job can you restrict data access permissions?
- What are your procedures for security or data breaches?
- Have you appointed a Data Protection Officer (DPO)?
Key issues for discussion
- Consent – understand how new standards will affect the collection and processing of personal data
- Privacy impact assessments – understand the purpose, practical application and how to conduct a privacy impact assessment in your organisation
- Data subjects rights – assess how new rights to portability and the right to be forgotten affect operations within your business
- Data Protection Officer – examine the remit, purpose and how to avoid conflicts of interest of the role
- Scope of GDPR – understand how the increased territorial scope of the GDPR impacts on your operations