GDPR

The General Data Protection Regulation (GDPR)

The law on data protection in the UK will be significantly strengthened this year. Colleges, like all companies and organisations, need to anticipate this change and prepare now. The change in the law takes place at a time when individuals are much more aware of the value of their own data and the way in which is used. 


How we’re supporting you

This part of AoC's website explains the main GDPR issues for colleges. We will continually update this information with key updates from the Information Commissioners Office (ICO), important dates for your calendar, useful resources, blog posts and FAQs. 

Model documents have been designed alongside college's needs and are available for members here.

Learn more about our consultancy services now.

New GDPR Bespoke Support for Members & FE Colleges

AoC Create are now providing tailored GDPR support. This support will can provided in your college for Data Protection Officers, implementation teams and relevant staff teams. Our specialists are now working with individual colleges to ensure that they have successfully completed their data audits, are prepared for and implementing the newly enforced regulations and that they fully understand the impact of the new rules on staff and learners.

The new GDPR is now here and here to stay. Whilst we may start to hear less about “GDPR”, it will very much exist through its absorption into the Data Protection Act.

So, what now?

  • What do colleges do once they’ve put their governance in place?
  • What about those who are still struggling?

In order to ensure ongoing GDPR support and guidance, AoC is launching a new consultative service for our member colleges, with regards to their data protection compliance. We hope that this will allow all of our members to springboard into compliance. We can provide you with tailored in-house training, workshops and ongoing cyber security support. The focus of our support will be about helping you to achieving effective data protection compliance and will also include the constant monitoring and reviewing of that compliance – Our members will be able to strategically maintain their compliance.


​Are you ready for the GDPR?

Top questions to ask yourself:

  • Have all your contacts opted-in to receive your communications?
  • Can they update their preferences easily? 
  • Is your website privacy statement up to date and visible?
  • However your data is stored, is it backed-up?
  • Who in your organisation can access this data? 
  • If it’s not critical to their job can you restrict data access permissions?
  • What are your procedures for security or data breaches?
  • Have you appointed a Data Protection Officer (DPO)?


​Key issues for discussion

  • Consent – understand how new standards will affect the collection and processing of personal data
  • Privacy impact assessments – understand the purpose, practical application and how to conduct a privacy impact assessment in your organisation
  • Data subjects rights –  assess how new rights to portability and the right to be forgotten affect operations within your business
  • Data Protection Officer – examine the remit, purpose and how to avoid conflicts of interest of the role
  • Scope of GDPR – understand how the increased territorial scope of the GDPR impacts on your operations


AoC will update this page regularly over the coming months.