GDPR and schools

First off, GDPR what? Well for those that aren’t aware of this legislation as yet, in a nutshell

From 25th May 2018, the Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR) – meaning that the way you manage all data and information within your school will change.

OK, so what does that really mean? Schools currently generate a wealth of information, the rules of this collection and storage of data are governed by the DPA and (hopefully) most schools already have a policy in place to adhere to this and are registered with the ICO (you can check here). So, at least we’ve got a starting point.

Whilst some of the changes are tightening up current regulations, there is an increased number of opportunities to fall foul of them and increased penalties if you do so. It’s worth noting that we have seen Ofsted involved in breaches of the DPA – we would have no reason to think that this will not continue to happen when the GDPR comes into effect. There are a few unexpected consequences too of the new legislation – such as you now need a formal contract with an accredited IT recycling service provider for disposal of old ‘data bearing’ kit, but on the whole, it’s about tightening up data security, who has access to that data and how it is used.

There are a few things you can do now with one eye on the future regulations. As a starting point, the ICO has produced a ‘12 steps to take now‘ guide – available here – which, as you would guess, gives a good platform to start the process from.

As always, please contact us or comment below if you need any more information