The General Data Protection Regulation (GDPR)

The law on data protection in the UK will be significantly strengthened this year. Colleges, like all companies and organisations, need to anticipate this change and prepare now. The change in the law takes place at a time when individuals are much more aware of the value of their own data and the way in which is used. Law or no law; this is an issue which colleges should focus on.

How we’re supporting you

This part of AoC's website explains the main GDPR issues for colleges. We will continually update this information with key updates from the Information Commissioners Office (ICO), important dates for your calendar, useful resources, blog posts and FAQs.  AoC Create are running a series of workshops around the UK to ensure that members are ready for changes. Learn more about our GDPR workshops and book your place now. Additionally, our AoC Create Consultancy team are working with individual colleges to ensure they have successfully completed thier data audits, are prepared for when the regulations are enforced, and that they fully understand the impact of the new rules on staff and learners. Learn more about our consultancy services now.

​Are you ready for the GDPR?

Top questions to ask yourself:

  • Have all your contacts opted-in to receive your communications?
  • Can they update their preferences easily? 
  • Is your website privacy statement up to date and visible?
  • However your data is stored, is it backed-up?
  • Who in your organisation can access this data? 
  • If it’s not critical to their job can you restrict data access permissions?
  • What are your procedures for security or data breaches?
  • Have you appointed a Data Protection Officer (DPO)?

​Key issues for discussion

  • Consent – understand how new standards will affect the collection and processing of personal data
  • Privacy impact assessments – understand the purpose, practical application and how to conduct a privacy impact assessment in your organisation
  • Data subjects rights –  assess how new rights to portability and the right to be forgotten affect operations within your business
  • Data Protection Officer – examine the remit, purpose and how to avoid conflicts of interest of the role
  • Scope of GDPR – understand how the increased territorial scope of the GDPR impacts on your operations

AoC will update this page regularly over the coming months.