From 25th May 2018, the Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR) – meaning that the way we manage all data and information within school will change.
Paper in filing cabinets, keeping records and databases of student and staff information, monitoring what’s happening day-to-day on the premises through CCTV – today’s educational landscape is packed with data.
Under current legislation, school already has a duty of care to ensure that this data is kept safe and secure. And with the GDPR coming into effect, school will have an increased responsibility to ensure this information – regardless of what form it’s kept in – is managed in the right way in compliance with this new regulation.
Non-compliance can currently see fines of up to £500,000 being imposed by the Information Commissioner’s Office (ICO), as well as Ofsted ratings being seriously affected if there aren’t correct policies and procedures in place when it comes to data and IT security.
But what actually is it, exactly how will GDPR affect schools and what are we doing about it?
Let’s take a look:
Put simply, the GDPR is a new data protection regulation that’s designed to strengthen and unify the safety and security of all data held within an organisation.
It will entirely replace the current Data Protection Act, making radical changes to many existing data protection rules and regulations that many organisations such as schools, academies and other educational establishments currently adhere to under the DPA.
Whilst you may see some similarities between the GDPR and the DPA, there will be some significant differences that will have a real impact on the way data is handled and ultimately affect the way you manage information in your school.
Here are just a few of the key things to watch out for:
If you’re already complying with the DPA then chances are you already have some strict policies in place. But this doesn’t mean that just because you comply with DPA regulation, you’re automatically going to be compliant under the new GDPR law.
Whilst a number of the GDPR’s main principles are similar to those in the Data Protection Act, as we’ve seen, there will inevitably be some new elements and significant enhancements – meaning you may have to do some things differently.
As such, the ICO have put together a guide on Preparing for the General Data Protection Regulation (GDPR). They suggest a number of things you should be starting to do to get yourself ready for the change:
You can read the full guide and the ICO’s recommendations here.
At Peel Brow School we are following all the guidelines; we have updated privacy notices and have appointed a data protection officer, who is independent from school.
Please see below for information related to the GDPR.