MAT Governance & Compliance Seminar

Data Protection - What is your risk appetite?

Wednesday 6 December 2023, Churchill War Rooms, London

Agenda

09:00 Refreshments and networking

09:30 Welcome

09:40 DPIAs: the legal detail (not as boring as you’d expect!)

Clare Wilson, Team Leader, Education Data Hub

From Keeping Children Safe in Education 2023 to the Data Protection Act 2018 and UK GDPR, and beyond to the Children’s Code and legislation currently before parliament, this session will explore the “what” and the “why” of Data Protection Impact Assessments.  It will include the messages you can relay to your staff so they, in turn, understand the importance and relevance of DPIAs. This exploration of the theory and the law the perfect lead into the practical session later and both will equip you with the tools and confidence to carry out your own DPIAs (and the knowledge of who to call on if and when you need further help).

10:30 Cyber Risk – For you, and your suppliers 

Elliot Lewis, Chief Information Security Officer, ParentPay Group

Join us for a crash course on cyber risk – in particular, three approaches you can use to varying degrees to build a better picture of both your own cyber posture, but also that of your suppliers. We expect to share some fascinating (perhaps somewhat frightening) insights into attacker behaviours, and provide practical solutions to help mitigate your risk. You will (hopefully!) leave with some new tricks up your sleeve – different methods you can employ to suit you and your organisations unique approach and risk appetite. We will be sharing new resources, templates, valuable references and technology options - note however, this is not a sales pitch!

                          
11:15 Refreshments and networking

12:00 Managing the Data Protection challenges in large and growing Multi Academy Trusts

James Garnett, Director of IT, United Learning

There are 100’s of applications – software, apps, web portals – eager for your school’s money and data, promising improved educational outcomes and reducing workload. The hardest part maybe finding ones which actually deliver on their promises, but before committing to a purchase, or subsequent renewal, there are other things to consider. In this session, we will explore the challenges faced by a very large MAT as it strives to meet its data protection obligations combined with an ambitious digital strategy and growth. We will look at strategies you can put in place to manage application procurement, DPIAs, IARs and RoPA at school and Trust level while trying to make the process as simple as possible but still meet one’s legal obligations.

                        
12:45 Lunch and networking

13:45 DPIA workshop

Leila Granger, Data Protection Adviser, Education Data Hub

We will provide attendees with a templates for a basic and full DPIA as well as a checklist for Article 28 of the GDPR. We will use these resources to guide you through carrying out a DPIA on two very popular EdTech products.

14:45 Refreshments and networking

15:15 DPIA workshop continued

16:00 Seminar close, networking and complementary tour of the museum

Meet our speakers

Clare Wilson

Clare Wilson Team Leader

Education Data Hub

Clare Wilson LL.B (hons) Lond, QTLS, MSET, CIPP/E, CIPM, former senior leader and teacher. Clare’s background as a DPO, an author, senior examiner, teacher trainer and teacher of law, makes her uniquely placed to manage a team committed supporting management and governance in education.

Education Data Hub began in 2017 with one person whose job was to assess what support Derbyshire schools needed to help them comply with the new GDPR. The answer was a lot!  So the service formed starting with 30 pilot schools. Our team of qualified Data Protection Officers has grown to support to more than 360 schools, academies and Trusts nationally.

During this work the DPOs noticed many schools needed help assessing and understanding their cyber security requirements. So the Cyber Security Service was born.  This team quickly achieved recognition for its pioneering work alongside the DfE, the National Cyber Security Centre and IASME, supporting schools nationwide in achieving cyber resilience.  The Cyber Ready Project now supports around 400 schools to meet the DfE Cyber Security Standards.

Education Data Hub provides schools and trusts with a complete information governance and security offering, under the vision …“to enable schools to become secure, efficient, and trusted handlers of information”.

Follow us on Facebook
Elliott Lewis ParentPay Group

Elliott Lewis CISO

ParentPay Group

Elliott is responsible for all matters regarding Information Security, Cyber Security and Data Protection across ParentPay Group globally. He has 20 years of experience, with a background in technology architecture, infrastructure, networking, technical project management, penetration testing and incident response.

Elliott is driven by his passion for all things InfoSec, protecting ParentPay Group, their people, and their customers from the rapidly-evolving cyber threat landscape and the ever-growing breadth and depth of skills and knowledge required to do so.

Follow us on Facebook
James Garnett MAT Seminar

James Garnett Director of IT

United Learning

James Garnett is Director of IT at United Learning, a Multi-Academy Trust of over ninety academies and independent schools. He was the programme lead for the EdTech Demonstrator Delivery Partner,  managing the EdTech Demonstrator programme on behalf of the Department for Education from April 2021 until September 2022.

He began his career in education as a teacher of maths 25 years ago before moving on to lead on IT, EdTech and systems in schools and then for United Learning. He leads United Learning’s Group Digital Strategy (focusing on narrowing the digital divide) and how technology can amplify the processes of teaching and learning. He has responsibility for Information and Cyber Security and sits on United Learning’s Carbon Neutral Board and Information Governance Committee.

James was appointed a Trustee of Sheffield Theatres in 2021 and more recently as a Trustee of Apps For Good. In January 2024 James leaves United Learning to pursue a long held desire to take his experience of working at the largest MAT and share it with the wider education community as a consultant. His focus will be, unsurprisingly, cyber security, information governance, digital strategy and, preparing for and managing growth.

 

Follow us on LinkedIn

Attendee feedback

9.7

What an excellent and informative networking event! Would definitely recommend to any MAT leader.

Seminar attendee June 2022

9.0

Great speakers, great content and brilliant networking, would definitely recommend.

Seminar attendee June 2023

9.6

The content of the sessions has far exceeded any of the MAT events I've attended this year. The speaker were amazing and it was great to network with others.

Seminar attendee June 2023