GDPR - time for a Spring Clean!

GDPR – time for a Spring Clean!

Your school is one giant data bank.  You hold information on staff, pupils, their families, their history, their health.

As the amount of data out there is increasing at an alarming rate, the rules around that data storage are going to change. Are you ready?

Current legislation says that you have a duty of care to ensure the data you hold is safe and secure.

The new General Data Protection Regulation (GDPR), however, comes into effect in May and its aim is to further strengthen the safety of data held within any organisation. It’s replacing the current Data Protection Act, it means you will have more responsibility to ensure that the information you hold - be it online, on disk, in folders or on reams of paper shoved into old filing cabinets - is managed in the correct way.

You should already have strict procedures in place and now is the time to get ready for the new rulings. As well as falling under your duty of care, it is something that could affect Ofsted ratings and incur a sizable fine if not followed.

There are 12 key steps to ensure your school, college or academy is ready, which are outlined here.

In summary; your management team needs to be aware that the law is changing, and what that means. If you don’t already have one, it might be wise to appoint a Data Protection Officer. Now is also the time to manage an information audit, to verify the details you hold and ensure you know the rules around information consent and access - as well as what you will do should privacy breaches be made. Ensure your online safety is tiptop and that your data disposal is secure.

There are still a few weeks to go, however schools are being urged to get ready now. This could be quite an admin-heavy process so planning ahead is definitely the right approach. Hopefully the transition from the current Data Protection Act to this will be a smooth one. Think of it as a Spring Clean!