GDPR – Are you ready?
Whether your school is a primary or secondary school, nursery, academy or part of a multi-academy trust, the General Data Protection Regulation (GDPR) will apply to you from 25 May 2018.
This means that the way you manage data and information within your school will likely need to change. Although your school is already legally obliged to keep data safe and secure (whether that’s staff and student information, paper files or an electronic database), the GDPR will mean your school has greater responsibility for protecting data.
GDPR replaces the current Data Protection Act, and ensuring a good understanding of these regulations across school staff is very important for ongoing compliance. Schools and businesses that are not GDPR compliant could see fines of up to 4% of their turnover or €20 million imposed by the Information Commissioner’s Office, not to mention the impact on Ofsted ratings.
Here are a few things to consider when it comes to GDPR and your school:
- You must be able to evidence that your Data Processors hold the minimum competencies and accreditations; for more information on these, click here
- Ensure the appropriate people in your team understand GDPR and the implications the new legislation has. Consider introducing a Data Protection Officer, someone who is responsible for data protection compliance and communicating information about GDPR
- Conduct an audit of the information you currently hold in school; document the information held for both staff and students, detail where it is held, who has access to it and where it came from
- Develop and communicate procedures on how to respond appropriately to a data breach; these procedures should include processes for detecting, reporting and investigating a data breach
- Review your current privacy policy and make any necessary changes in line with the GDPR
- Review and document policies for gathering, maintaining, communicating (electronically) and deleting student data
- Consider how you will gain and maintain parental/guardian consent for any changes made to current policies as a result of implementing GDPR
- Consider when to start implementing Privacy Impact Assessments in your school
- Implement an e-safety policy to ensure your staff understand what needs to be done to be compliant with GDPR, as well as keeping your school safe against phishing attacks,
More information on preparing for the GDPR can be found here.
Preparing for the new GDPR is key; it’s always better to be safe than sorry! By considering the implications of the new regulations in advance of 25th May, you can be confident that your school is safe from any nasty fines or reputational damage.
If you would like to know more about ParentMail, contact us today on 01733 595959 or email enquire@parentmail.co.uk.