MAT Governance & Compliance Seminar
Data Protection - What is your risk appetite?
Wednesday 6 December 2023, Churchill War Rooms, London
Agenda
09:00 Refreshments and networking
09:30 Welcome
09:40 DPIAs: the legal detail (not as boring as you’d expect!)
Clare Wilson, Team Leader, Education Data Hub
From Keeping Children Safe in Education 2023 to the Data Protection Act 2018 and UK GDPR, and beyond to the Children’s Code and legislation currently before parliament, this session will explore the “what” and the “why” of Data Protection Impact Assessments. It will include the messages you can relay to your staff so they, in turn, understand the importance and relevance of DPIAs. This exploration of the theory and the law the perfect lead into the practical session later and both will equip you with the tools and confidence to carry out your own DPIAs (and the knowledge of who to call on if and when you need further help).
10:30 Cyber Risk – For you, and your suppliers
Elliot Lewis, Chief Information Security Officer, ParentPay Group
Join us for a crash course on cyber risk – in particular, three approaches you can use to varying degrees to build a better picture of both your own cyber posture, but also that of your suppliers. We expect to share some fascinating (perhaps somewhat frightening) insights into attacker behaviours, and provide practical solutions to help mitigate your risk. You will (hopefully!) leave with some new tricks up your sleeve – different methods you can employ to suit you and your organisations unique approach and risk appetite. We will be sharing new resources, templates, valuable references and technology options - note however, this is not a sales pitch!
11:15 Refreshments and networking
12:00 Managing the Data Protection challenges in large and growing Multi Academy Trusts
James Garnett, Director of IT, United Learning
There are 100’s of applications – software, apps, web portals – eager for your school’s money and data, promising improved educational outcomes and reducing workload. The hardest part maybe finding ones which actually deliver on their promises, but before committing to a purchase, or subsequent renewal, there are other things to consider. In this session, we will explore the challenges faced by a very large MAT as it strives to meet its data protection obligations combined with an ambitious digital strategy and growth. We will look at strategies you can put in place to manage application procurement, DPIAs, IARs and RoPA at school and Trust level while trying to make the process as simple as possible but still meet one’s legal obligations.
12:45 Lunch and networking
13:45 DPIA workshop
Leila Granger, Data Protection Adviser, Education Data Hub
We will provide attendees with a templates for a basic and full DPIA as well as a checklist for Article 28 of the GDPR. We will use these resources to guide you through carrying out a DPIA on two very popular EdTech products.
14:45 Refreshments and networking
15:15 DPIA workshop continued
16:00 Seminar close, networking and complementary tour of the museum
Meet our speakers

Clare Wilson Team Leader
Education Data Hub
Clare Wilson LL.B (hons) Lond, QTLS, MSET, CIPP/E, CIPM, former senior leader and teacher. Clare’s background as a DPO, an author, senior examiner, teacher trainer and teacher of law, makes her uniquely placed to manage a team committed supporting management and governance in education.
Education Data Hub began in 2017 with one person whose job was to assess what support Derbyshire schools needed to help them comply with the new GDPR. The answer was a lot! So the service formed starting with 30 pilot schools. Our team of qualified Data Protection Officers has grown to support to more than 360 schools, academies and Trusts nationally.
During this work the DPOs noticed many schools needed help assessing and understanding their cyber security requirements. So the Cyber Security Service was born. This team quickly achieved recognition for its pioneering work alongside the DfE, the National Cyber Security Centre and IASME, supporting schools nationwide in achieving cyber resilience. The Cyber Ready Project now supports around 400 schools to meet the DfE Cyber Security Standards.
Education Data Hub provides schools and trusts with a complete information governance and security offering, under the vision …“to enable schools to become secure, efficient, and trusted handlers of information”.

Elliott Lewis CISO
ParentPay Group
Elliott is responsible for all matters regarding Information Security, Cyber Security and Data Protection across ParentPay Group globally. He has 20 years of experience, with a background in technology architecture, infrastructure, networking, technical project management, penetration testing and incident response.
Elliott is driven by his passion for all things InfoSec, protecting ParentPay Group, their people, and their customers from the rapidly-evolving cyber threat landscape and the ever-growing breadth and depth of skills and knowledge required to do so.

James Garnett Director of IT
United Learning
James Garnett is Director of IT at United Learning, a Multi-Academy Trust of over ninety academies and independent schools. He was the programme lead for the EdTech Demonstrator Delivery Partner, managing the EdTech Demonstrator programme on behalf of the Department for Education from April 2021 until September 2022.
He began his career in education as a teacher of maths 25 years ago before moving on to lead on IT, EdTech and systems in schools and then for United Learning. He leads United Learning’s Group Digital Strategy (focusing on narrowing the digital divide) and how technology can amplify the processes of teaching and learning. He has responsibility for Information and Cyber Security and sits on United Learning’s Carbon Neutral Board and Information Governance Committee.
James was appointed a Trustee of Sheffield Theatres in 2021 and more recently as a Trustee of Apps For Good. In January 2024 James leaves United Learning to pursue a long held desire to take his experience of working at the largest MAT and share it with the wider education community as a consultant. His focus will be, unsurprisingly, cyber security, information governance, digital strategy and, preparing for and managing growth.
Attendee feedback
What an excellent and informative networking event! Would definitely recommend to any MAT leader.
Seminar attendee June 2022
Great speakers, great content and brilliant networking, would definitely recommend.
Seminar attendee June 2023
The content of the sessions has far exceeded any of the MAT events I've attended this year. The speaker were amazing and it was great to network with others.
Seminar attendee June 2023