Employability and Enterprise
Agriculture, Environment & Animal Care
Business, Finance & Legal
Catering, Hospitality & Leisure
Qualifications
Vocational Qualifications
Childcare & Education
Qualifications
Access to Higher Education
Apprenticeships
Vocational Qualifications
Education & Training
English & Maths
Qualifications
English & Maths
Sample Assessments
ESOL
05 Oct 2017
Hair & Beauty
Qualifications
Vocational Qualifications
Health, Science & Social Care
Life Skills & Progression
Qualifications
Digital Qualifications
Personal & Social Development
Public & Protective Services
Qualifications
Access to Higher Education
Vocational Qualifications
Sales, Marketing & Retail
Qualifications
Access to Higher Education
Apprenticeships
Vocational Qualifications
Supporting SEND
Qualifications
Personal & Social Development
Professional Development
Transport & Logistics

With the increased number of cyberattacks against Academic institutions, we would like to remind you all to remain vigilant and to understand your legal obligations around notifications in the event of your organisation being targeted.

Under the GDPR, we, like yourselves, are considered to be a data controller with regards to learner data. This means that jointly, we have the same legal obligations around reporting potential security breaches, and more importantly, possible data breaches. In the event that either your organisation or ours experiences a cyberattack, we are both responsible for not just notifying the necessary authorities (ICO, NCSC, police, Ofqual etc) but we are obligated to notify each other.

Our approach to notifications will be to ensure that any potential cyberattack or breach of data on our systems will be communicated to the relevant authorities and yourselves as one of our centres. The reporting will inform you within the legal 72 hour notification period of the incident, as well as containing details of the steps we are undertaking to determine the cause, nature and potential impact of the cyberattack or breach. The communication will also indicate the primary contact in our organisation who will be the primary contact throughout the duration of the incident. We will shortly be confirming with your centre who your primary contact would be for these communications so that these are received by the correct person responsible for GDPR compliance.

We will require the same communications from you in the future so the correct primary contacts are always aware of and able to respond to any future incidents.

Offer our Qualifications

If you would like to teach our qualifications to your learners, submit an enquiry to discuss the best options.

Learners and students

Your questions answered

Learner Info