Next May a new General Data Protection Regulation will come into effect, changing the way that schools need to approach their use of parent and pupil data. Is your school ready for the change?
There’s lots to consider, but take a step back before you get bogged down in the detail and think about some broad questions.
- How secure are all of these storage places in a worst case scenario – e.g. unwanted visitor in the school building? This includes logged in computers and unencrypted memory sticks.
- What personal data do you hold on pupils and staff? Different staff will possibly think of different forms and purposes across the whole range of school activity.
- Where is this kept/stored? This can be physically and digitally (e.g. teacher markbooks or lists in class on paper, posters highlighting pupil medical needs in staff room, information in a restricted access folder on the school network; information in the school’s MIS system).
- Who is currently responsible for data protection compliance in your school? Do they have enough time and training to carry out this role alone?
- Do you have consent to use contact information you may have collected from parents? Have they actively consented to this? Opt-out systems will not be sufficient under the GDPR; parents will have to opt in instead.
For more detail, check out this useful graphic from the ICO, or sign up for our Online Safety Conference on 17th January 2018. As well as discussing other online safety issues we will spend some time demystifying the GDPR and helping schools to plan for the changes taking place next May.