As of May 2018, the current Data Protection Act will be replaced by the General Data Protection Regulation, or GDPR for short. As this acronym starts to appear across the news and web, we thought it time to explore what it actually means for those in the education sector.
GDPR is all about how you manage data and information on a day-to-day basis, and while your school will likely update its policy in line with these new regulations, having some knowledge of what it means only serves to keep you and your students safe.
What is data/information?
An average school contains enormous amounts of information, as records are kept on everything, including students and their grades, staff information (don’t forget payroll data) and even parents’ contact details. Does your school have CCTV? That’s data too. This is just scratching the surface of the data your school holds, and you’re likely to have access to a lot of it, especially when it comes to the students.
What is GDPR?
You will already have a duty of care to ensure data you have access to is kept safe and secure. These new regulations look to step this up a gear with an increase in compliance requirements. This is regardless of whether your school is all digital or still prefers paper and filing. Entirely replacing the former Data Protection Act, it will update many rules and regulations for how all educational facilities handle data.
What if I don’t comply with the new GDPR?
A school’s failure to comply will see its Ofsted ratings negatively impacted and a hefty fine handed out by the ICO (Information Commissioner’s Office). Penalty fines will also impact data processors involved, for example your recycling company or outsourced IT partners.
For schools, it will also mean that it is a legal requirement to have an SLA (Service Level Agreement) in place with a compliant IT recycling partner. These data processors are part of the data chain and so also share responsibility. Failure to work with an accredited data processor will become a criminal offence, so be sure you know what’s happening to your data when a third party is involved.
What should your school be doing?
Ultimately, although your vigilance in safeguarding data will help, it is down to the education facility you are working in to ensure its policies and procedures are up to date and enforced. In the digital age, this involves big buy-in from IT departments as well. Ensure you have access to the current DPA policy for the establishment you work in, and remain up to date as changes are made to account for GDPR.
In our next blog, we will be exploring in more detail the steps that education facilities can take now to avoid non-compliance. Whether you are a TA or teacher, all of us should understand these changes and help our school protect its students.
So next time you’re in a meeting, why not raise the question of GDPR and what your school will be doing to ready itself? You may end up saving them a lot of trouble!