GDPR in Schools
We are all pleased that the noise level around the EU General Data Protection Regulation (GDPR) has reduced significantly.
In the UK, our requirement to comply with GDPR is reflected in the changes contained in the updated (UK) Data Protection Act 2018, which broadly adopts the regulation.
While we can think more clearly with less noise, the compliance requirements for schools remain very real.
They can place a significant burden on already busy staff and senior leadership teams, who will still need to make key decisions about how to manage the school’s enhanced GDPR responsibilities.
Data Protection Officer (DPO)
As a public authority, it is mandatory for schools to appoint a data protection officer. This can be an internal or external appointment, but cannot be someone within the organisation whose duties as a DPO could lead to a conflict of interests with their existing role.
Therefore, we provide a named Data Protection Officer as an outsourced service. As a school you can estimate how much time you need from our DPO. This may vary depending on the level of experience existing school staff have. So, we provide a flexible service according to your needs.
High-Risk categories of data
Schools necessarily have to undertake data processing of special category data relating to children, medical information and other sensitive information.
As a result, this information must be collected, stored and processed. Unfortunately, this means that the data risks in schools are high.
Responsibilities of your governing body
Headteachers and the governing body are responsible for ensuring that the school is GDPR compliant and, therefore, they must ensure that the DPO has sufficient skills, knowledge and objectivity to perform their role.
Similarly, if a member of staff undertakes this role, there is the risk that their objectivity is compromised.
This is why our named Data Protection Officer service gives Governors and leadership teams the peace of mind they need.
Accountability and evidence
A major change in the new regulations is proving accountability.
We believe that proving accountability with GDPR is a challenge for schools. It is a challenge for many organisations. So we focus on helping schools meet these challenges as efficiently and affordably as possible.
Being able to produce evidence about your compliance goes a long way in meeting your accountability responsibilities. Evidence can take many forms, from simple notes in paper records to something more complex, for example, the management of parental consent for activities outside of the school grounds.
This can be as critical as having a robust cybersecurity regime in place, or a well-documented process that can be followed in the event of a data breach. Also, in certain instances, there is a 72-hour reporting requirement to the Information Commissioner’s Office.
Additionally, it is vitally important that schools train staff regularly and that there are records of this training because the rights of data subjects must be understood and be embedded in daily operational procedures.
Equally, staff must understand why parental consent must be captured and how to ensure it is recorded diligently.
So, we offer consultancy services to help schools with their accountability responsibilities.
Technology for schools
We partner with a market-leading software technology, GDPRiS, to bring schools an efficient and affordable way of managing their data protection responsibilities.
Moreover, we combine our consultancy services with a powerful, yet simple, technology solution. The result is a centrally managed compliance portal available to all staff which contains all of your school’s compliance information and monitoring activities.
The school can track and manage their data protection responsibilities and tasks in the portal, which results in transparency.
Consequently, this reduces the time staff spend on updating policies, procedures, contracts, logs for breaches and access requests.
GDPRiS is a tried and tested software tool used by over 2,500 schools. It will save your staff time and enable your DPO to oversee all aspects of the school’s compliance.
FOR UNCOMPLICATED GUIDANCE AND SUPPORT, CONTACT US!
Collaboration with the wider community
At Data Protection 4 Business, we are members of the International Association of Privacy Professionals, Data Protection Forum, Information & Records Management Society and the National Association of Data Protection Officers.
Also, we attend industry events arranged by the ICO and World Data Protection Forum, and are proud to be engaged with the Data Engineering and AI communities, working together with them to build privacy solutions into our digital and AI futures.
Through our network of partners and associated specialist companies we can offer our clients:
- Legal advice on GDPR – revision of contracts and HR requirements.
- Technology companies providing software solutions for compliance.
- Specialist sector partners to build online training courses for medical practices, clubs, tech start-ups.
- IT Security & Cyber Security protection.
- Insurance protection for GDPR and Data & Cyber Breaches.
We are small enough to care yet large enough to offer a wealth of knowledge and solutions to our clients.
Be Data SMART. Be Compliant.
Data Protection is here to stay.