Friday 25th May might not be marked in your calendar just yet, but it’s the date that the General Data Protection Regulations (GDPR) come into force, bringing a number of changes to the way that data is collected, stored and processed.
If you’ve not heard about GDPR, it’s a new, Europe-wide law that replaces the Data Protection Act in the UK and is aimed at both strengthening and securing the data held on individuals by all organisations including schools.
One of the central purposes of the new regulations is to ensure that any data held on an individual is accurate, up to date and freely available if requested, which means that organisations who handle data – known in this context as data controllers – need to make sure their procedures in this respect are robust and under control.
This also applies to any third parties working with schools in regards to their data, referred to by the GDPR as data processors, including providers such as SIMS.
What does that mean for schools?
There’s recently been a great wealth of information made available in regards to GDPR, most of which will apply to handling data in schools. There are definitely challenges ahead and actions to be taken.
In practical terms, failures around data protection will highlight to Ofsted that there are concerns around safeguarding, as well as possible reputational damage to the school. This is aside from the risk that all organisations face about sanctions such as Audits from the ICO or even fines, the level of which has increased under GDPR.
That said, schools are most certainly in a better starting position than many private organisations. Schools have always maintained a solid control of their data, particularly given the importance of safeguarding pupils, and many of the practices currently employed will still be applicable when GDPR goes live. GDPR may add additional responsibilities and possibly even incur extra costs, but if your school already takes data protection seriously, then GDPR can easily be viewed as an opportunity to develop that approach and seek further improvements.
Introducing GDPR in Schools
To help schools in their efforts to comply, we’re excited to announce that we’ve partnered with GDPR in Schools (GDPRiS) who offer a new cloud based solution to provide data protection officers (DPOs), IT managers, system owners and staff in schools with the tools they need to monitor, evidence and record their data procedures in an effort to meet the new regulations.
Key benefits of GDPRiS include encouraging a whole-school approach to data processing - GDPRiS provides staff across the school with the tools they need to ensure that information flows securely from collection, right the way through the entire data lifecycle. This includes features that help schools provide accurate and informative training, keeping staff knowledge up-to-date – which can also be recorded and stored for future evidencing.
One area that may provide potential concern for schools is in regard to data breaches. GDPRis provides schools with detailed auditing tools and clever tracking functionality, which helps to identify potential breaches and facilitate in taking early action to mitigate or eliminate their risk.
And to help support their approaches to data protection, GDPRiS features the ability to store key policy documents, training records and additional guidance – all via a cloud-based platform for added security and usability.
GDPRiS has been designed with schools in mind – within a school there are often several third parties who also have access to pupil data. GDPRiS has built a directory of well-known school suppliers that has been pre populated with information provided by the third party, which schools can access to demonstrate their compliance.
Safe, secure and simple
When GDPR launches it has the potential to create a culture shift in responsibility. By providing a data protection platform that involves everyone within a school or group of schools, there is a real opportunity to build a culture of privacy and security, which can be trusted by anyone who comes into contact with the school.
And by making the process of building that culture as intuitive and natural as possible, schools should have every chance to go above and beyond the requirements of GDPR and continue providing their entire communities with data protection practices that can be trusted.