Is Your School GDPR Compliant?
GDPR (General Data Protection Regulation) is now here and has replaced the Data Protection Act. This implementation means safety of data will be strengthened and unified in your school. This brings a new responsibility for staff members over how they use and keep data on pupils.
How Does GDPR Work?
Most of the data used in schools falls under ‘public interest’ in legal terms. This means specific consent will not be needed in most cases for schools across the country. GDPR will now ensure all data is protected and gives individuals control over their own data. In effect, this means parents can ask for any data regarding their child. Because of this, schools are now more accountable for the data they produce.
Under the new regulations, consent must now be given by parents if data is used for anything outside of normal school business.
How Is GDPR Implemented?
Every school must now appoint a GDPR officer and prove that the school is compliant with the new act.
Any breach of data must be reported within 72 hours to the ICO and schools must ensure there are legally binding contracts if data is being used outside of normal school use.
Is GDPR Complicated?
A positive for schools is that it's much easier for them to comply with GDPR than it is for a private organisation. Although there’s more accountability, tougher sanctions and a greater need for evidence, schools mostly already have a data protection act in place and there'll be no need to change it.
Schools need to make sure they're not keeping unnecessary data. For example, when a student leaves the school, their data should be destroyed. It's an unnecessary hazard in schools when data is kept, especially for vulnerable pupils.
What Schools Need To Do Now
To become GDPR compliant, schools need to make sure the senior management team understands what GDPR is so they can implement any changes. Schools need to regularly check their data through rigorous audits.
Schools need to organise how they store data and make sure staff are aware so they are not vulnerable to breaches. For example, data should be locked away in drawers rather than left on desks. Offices should be locked when not in use and any displays of data on walls must be taken down. Staff training every year is essential so everybody understands the rules.
GDPR will change how data is stored and used forever. Although the changes will affect schools, there’s no need to panic. Planning and organisation should mean the regulations are carried out smoothly and efficiently. Schools must now ensure that any third-party suppliers who may process their data are GDPR compliant and must have legally binding agreements with any company that uses any personal data. These agreements must state what data is being processed, who it is being processed by, who has access to it and how it is protected.
It is vital GDPR is done properly in schools to protect pupils and staff.