GDPR – how will it affect schools?

3.5 minute read.

The GDPR will replace the current Data Protection Act in just under 33 weeks’ time, signifying a significant change in the way schools manage a wide variety of data. The new bill was introduced to Parliament on 14th September, starting the process of implementing the regulation in time for the launch date of May 25th, 2018.

But what will change for schools specifically?

Currently, the Data Protection Act ensures personal data of school children and their families is protected and the current regulations adhered to with regards to day-to-day monitoring and security measures in place. Breaches could mean fines of up to £500,000 under the Act, but all of this is set to change in May.
The GDPR means a more unified approach to protecting personal data, overhauling the current regulations in place under the DPA and therefore outdating processes already put in place in many organisations. It is essential schools begin to prepare for how the change might affect the way they currently work; a fine for a breach under GDPR can be up to 2 million Euros.
The fine might be for the data handler, the organisation itself or for any individuals or companies associated with the breach, such as a paper shredding company or an IT department responsible for internet security.

What do schools need to do to prepare?

Make sure you know what data you hold, where it is held, who accesses it and how it is secured. Conduct an audit of this information, as well as security systems in place and your day-to-day monitoring of activities. This includes everything from CCTV access to boundary perimeter monitoring to student attendance records.
Once you have a fully comprehensive understanding of your data and security measures, make sure you review the current guidelines and ensure everyone in control of, or who has access to, data is aware of the GDPR changes and the impact this will have on your organisation. If any processes you currently undertake look like they will become out-of-date in May, make sure you prepare for a new process to be in place by that time.
To simplify this process, Stay Compliant will be running a host of GDPR workshops between January and April 2018, with the first one to be held on 25th January 2018. These interactive workshops will run in two halves, with the first half to thoroughly detail how GDPR will change the way data protection is managed, with a focus on the regulations most likely to impact schools. The second half of the session will be an opportunity to work through how your school currently stores and uses data and begin to identify areas that may need to be updated before GDPR is implemented on 25th May.
The GDPR will begin as it means to go on; any breaches of regulation after 25th May will be immediately subject to the new fines system of up to 2 million Euros.
Be prepared and Stay Compliant.
If your organisation needs guidance on what this means for you, we can help.
Get in touch. info@staycompliant.training

UPCOMING COURSES

Book a Course