Skip to content
Freeths - Law firm

Data Privacy and Cyber Security

Commercial Education

Why is excellent legal advice for UK GDPR and Cyber Security so important?

UK GDPR has raised the bar significantly in terms of the expectations of all organisations that process personal data whether that data is under their control or processed under instructions from a data controller such as a school or university.

There will also be other data of immense value, important to the success of your business, adding to the significance of maintaining the highest levels of cyber security possible.

The United Kingdom’s pioneering approach to the protection of children who access the Internet and use smartphone apps adds to the significance of this area in terms of having good data management and governance.

And the advent of an Online Harms regime will present a further reason for many education businesses to spend time giving attention to requirements for compliance with legislation and guidance.

Whatever requirements you have and whenever they arise, Freeths can be on hand to help. We’ve invested significantly including in technological solutions to assure our clients that we can respond rapidly and positively to issues that could cost a business dearly and place its reputation on the line.

Person Image

Frank Suttie


Phone: 0345 128 6996


Our expert advice is available in relation to specific data privacy issues:

  • Support for Data Protection Officers;
  • Data Privacy Impact Assessments;
  • Facial recognition and other biometric applications;
  • Management of data breaches;
  • Data subject access requests;
  • CCTV systems and compliance;
  • Management of personal data issues in Freedom of Information requests;
  • International data transfers and representation in overseas territories.

How our data privacy team can help:

  • Compliance programmes – fixed or capped fee based delivery of required documentation and a helpdesk facility (optional). If you have concerns about the present state of compliance we can make a start with a fixed price audit of current documentation and procedures
  • Data Privacy Policies – for larger employers having a comprehensive policy statement is crucially important evidence under the accountability principle – ensuring that not just the business but also your people fully appreciate their responsibilities.
  • Data Subject Access Requests (“DSARs”)  – individuals have become more aware of their data rights since May 2018, and there has been a substantial increase in the number of DSARs that businesses have received since then. These DSARs not only present a compliance challenge but may also be the first sign of potential litigation against the business.  We provide a suite of DSAR support services to support clients, from initial triaging advice to full document review support using DSAR-trained lawyers and our IT review platform. As Freeths is a full-service law firm, we often work as part of a multi-disciplinary team.
  • Data processing and sharing agreements – compliant with the requirements under UK GDPR including ICO guidance
  • International data transfers and third country due diligence – we can help you in addressing the complexities of securing compliant international transfers to a background of increasing due diligence requirements.
  • Managing major data breaches – a notable feature of our practice is our ability to respond rapidly to situations that arise, providing immediate attention and helping the client to develop the right strategies for any scenario encountered.

Where we have helped previously:

We have advised a client on its processing of biometric data as part of the roll-out of a project that was one of the first of a new product. We advised the client on how to render its processing of biometric data compliant with UK GDPR and supported the client on the preparation of its Data Protection Impact Assessment for this project.”

We advised a client in the education sector on its responses to DSAR and Freedom of Information requests in relation to an employment dispute with a former Head Teacher. We advised the client on its searching and reviewing of key documents, and collaborated with colleagues from our Employment Team to support the client on the strategic aspects of this sensitive and contentious matter.”

An education software provider received an request from the Information Commissioner’s Office requiring responses to a series of questions relating to a key product sold to schools. The request was focussed on the use of artificial intelligence based decision-making within the product and required responses to questions touching on the processes that the client had in place that underpinned compliance of the product with GDPR. Freeths supported the client in responding and helped the client secure a clearance from ICO confirming that ICO had no observations or concerns relating to the processing of personal data through the product.”

Data Protection Update – Summer 2023

In this edition we look at: the EU/US Data Privacy Framework and the UK’s extension to this Framework, the ICO’s journalism code, the World Ethical Data Foundation’s open standard for responsible AI and the ICO’s guidance on privacy enhancing technologies.

Read our full analysis >

Client service

‘Doing the right thing’ is at the heart of Freeths. Find out more about our excellent client service and the strong set of values that guide the way we work.

Our values


Talk to us

Freeths are a leading national law firm with 13 offices across the UK. If you have a query about our services or just want to find out more, why not give us a call?

Contact: 03301 001 014

Choose an office:

Portfolio close
People CV Email

Remove All

Click here to email this list of people to a colleague.