GDPR

The General Data Protection Regulation (GDPR)

The law on data protection in the UK will be significantly strengthened this year. Colleges, like all companies and organisations, need to anticipate this change and prepare now. The change in the law takes place at a time when individuals are much more aware of the value of their own data and the way in which is used. 

How we’re supporting you

This part of AoC's website explains the main GDPR issues for colleges. We will continually update this information with key updates from the Information Commissioners Office (ICO), important dates for your calendar, useful resources, blog posts and FAQs. 

Model documents have been designed alongside college's needs and are available for members here.  These documents are template data protection policies that have been developed by Irwin Mitchell LLP for the Association of Colleges to assist members in relation to their obligations under the GDPR and the Data Protection Act 2018. They have been prepared on the basis of what is required by law at the date they were prepared (clearly set out on the front cover of the documents), what is good practice, and our understanding of issues common to further education colleges. These template documents are for example purposes only, may not be suitable for your circumstances and should not be considered a substitute for the advice of a lawyer. You are advised to redraft these documents as needed to meet your requirements and to take legal advice on your policy documents. You agree you use these documents at your own risk in these respects.

Learn more about our consultancy services now.

New GDPR Bespoke Support for Members & FE Colleges

AoC Create are now providing tailored GDPR support. This support will can provided in your college for Data Protection Officers, implementation teams and relevant staff teams. Our specialists are now working with individual colleges to ensure that they have successfully completed their data audits, are prepared for and implementing the newly enforced regulations and that they fully understand the impact of the new rules on staff and learners.

The new GDPR is now here and here to stay. Whilst we may start to hear less about “GDPR”, it will very much exist through its absorption into the Data Protection Act.

So, what now?

  • What do colleges do once they’ve put their governance in place?

  • What about those who are still struggling?

In order to ensure ongoing GDPR support and guidance, AoC is launching a new consultative service for our member colleges, with regards to their data protection compliance. We hope that this will allow all of our members to springboard into compliance. We can provide you with tailored in-house training, workshops and ongoing cyber security support. The focus of our support will be about helping you to achieving effective data protection compliance and will also include the constant monitoring and reviewing of that compliance – Our members will be able to strategically maintain their compliance.


​Are you ready for the GDPR?

Top questions to ask yourself:

  • Have all your contacts opted-in to receive your communications?
  • Can they update their preferences easily? 
  • Is your website privacy statement up to date and visible?
  • However your data is stored, is it backed-up?
  • Who in your organisation can access this data? 
  • If it’s not critical to their job can you restrict data access permissions?
  • What are your procedures for security or data breaches?
  • Have you appointed a Data Protection Officer (DPO)?


​Key issues for discussion

  • Consent – understand how new standards will affect the collection and processing of personal data
  • Privacy impact assessments – understand the purpose, practical application and how to conduct a privacy impact assessment in your organisation
  • Data subjects rights –  assess how new rights to portability and the right to be forgotten affect operations within your business
  • Data Protection Officer – examine the remit, purpose and how to avoid conflicts of interest of the role
  • Scope of GDPR – understand how the increased territorial scope of the GDPR impacts on your operations


AoC will update this page regularly over the coming months.