General Data Protection Regulation
Is Your School Ready?
The GDPR (General Data Protection Regulation) deadline is looming – and businesses in every industry are gearing up for the big changes it will bring in come Friday 25th May.
As an educational recruitment business handling lots of sensitive data, GDPR has had a big impact on Future education. We’ve spent the last year preparing, optimising the way we collect, manage, store and use data to ensure we’re fully compliant.
GDPR will also have a direct impact on schools – and for the majority, will require a big overhaul of the way sensitive data about pupils, parents, teachers and support staff is stored.
In this post, we take a brief look at GDPR, how it applies to schools, and the actions they need to take to avoid the potential risk of heavy fines and reputational damage caused by non-compliance.
What is GDPR?
GDPR is a new set of regulations designed to give all EU citizens (and British citizens post Brexit) with more control over their data, and the way it is used by organisations.
It replaces the current Data Protection Act, and introduces new responsibilities for businesses on the way data is collected, stored, managed, processed and shared.
Full information about the changes, responsibilities and GDPR regulations can be found at https://www.eugdpr.org/.
Why it’s so important to schools
Schools collect a lot of personal data – and the new regulations means that data currently stored may no longer meet the legal requirements, so will no longer be deemed as stored safely and may no longer be used in the manners schools have become accustomed to.
The new GDPR guidelines state that:
- Data can only be collected for specific, legitimate purposes
- Data cannot be kept longer than necessary
- Data must be processed and stored securely
- Schools must process data in a legal, fair and transparent way
- Schools can only collect the data needed for relevant processing
Perhaps the biggest challenge for schools posed by the changes is the storage of personal data. Many schools may still be holding massive databases – like large spreadsheets that can be easily accessed from main servers!
This simply isn’t compliant with the new regulations, and schools will need to assess and change their systems, or risk serious fines should a data breach leading to the exposure or theft of personal data.
What you need to do
If they haven’t done so already, there are a few key action points that schools need to take to ensure they are compliant.
A data audit – as part of compliance, schools need to have an accurate, up to date record of all the personal data they hold (both digital and paper), where it is, why it is kept and how it is processed.
System analysis – schools will also need to assess the way they store data to ensure that it is secure, easy to access, easy to change and usable with metadata. For those currently using an excel spreadsheet on a shared server, this may mean big changes!
Data protection officer – all state schools will need to appoint a DPO (Data Protection Officer). This is a person who will advise and lead the school on the regulations, monitor compliance and will be the first contact in the event of a data breach. They cannot have a conflict of interest (so no IT Directors).
The new regulations also set out a clear plan about what needs to be done in the case of a breach – such as contacting the ICO (Information Commissioner’s Office) within 72 hours.
Further information and guidance
GDPR can be confusing, but there is still time to put a plan in place.
Want to know more? The TES website has a wealth of useful information, videos and links – this post on how to become GDPR compliant is a great starting point. You’ll also find a complete guide to the new GDPR regulations on the ICO (Information Commissioner’s Office) website.
Recruitment support from Future Education
Looking to find the right teachers and support staff for your London school?
At Future Education, we help primary schools, secondary schools and SEND teams across the capital to source the right education professionals for a full range of permanent, temporary and supply roles. As former teachers ourselves, we understand the industry, and are here to ensure you benefit from the right people, with the skills, personality and experience to match your organisation.
For additional information, call our team today on 020 8256 0910 or email us at email@example.com.