With the internet and technology becoming more and more advanced as the years go on, there have been significant updates to data protection laws to keep pace with that progression. A major question that consumers raise with companies is, ‘How is my personal data protected?’ GDPR, which came into effect several years ago, created a unified data security law across the entire EU that organisations could abide by and follow as correct guidance. Schools, being exposed to data protection risks, were obviously included in this.
Whilst GDPR laws are in place, they raise additional questions as to how schools across the UK implement and monitor data protection for their school community. As part of the new law, each school would have had to appoint a DPO. What’s that, you may be saying? A DPO is a Data Protection Officer, tasked with the day-to-day monitoring of data processing as well as being in overall charge of how the school effectively handles data protection.
As with most things, the task involves a lot of time, commitment and vigilance. Data protection is a vast field of dos and don’ts, each important in its own right. With students, staff and parents always feeding the school with personal information, the task can feel a little daunting.
Why it’s Important
Technology has allowed a lot of things to become easier. The way we now store data is much more organised, structured and accessible – many school organisations have whole databases of names, contact numbers and addresses, ready to pull at any given moment. While this is an incredible thing to marvel at, you have to wonder whether you are fully complying in every setting.
In order to know for sure if your school is fully complying, you must ask yourself:
- Do you have a dedicated Data Protection Officer who has an in-depth knowledge of the data protection legislation, the ability to perform the role, the appropriate authority to influence change as well as the time and support from senior management and the governing body?
- Have you reviewed how you seek, manage and record consent, ensuring that it is freely given, the person is informed, they have positively opted-in to the proposed activity and have been told they have the right to withdraw consent?
- Do you have policies and procedures in place to manage and respond to when individuals exercise their rights? Have your staff received training in how to deal with these requests, in particular the exemptions which prohibit the disclosure of data?
- Have you communicated separate privacy notices to parents, students, employees and governors, informing them of their rights under the legislation?
- Have you carried out an audit to assess your compliance against the legislation, particularly around your policies and procedures; contracts; risk assessments and technical and organisational security measures?
- Do you have a record of your processing activities which identifies the personal data you process?
- Have you created and implemented procedures for identifying, reporting, managing and investigating personal data security breaches and communicated these to staff?
- Do you have Data Protection Training built into your staff induction procedures and is the training provided to existing employees on an annual basis?
Especially now, as remote learning has taken on a major role during the COVID-19 pandemic, there may be many questions around what requirements are needed when working from home.
A DPO doesn’t just work independently either. A large part of the role involves informing and guiding the rest of the school community in their obligations towards data protection. Ensuring everyone is made fully aware of current policy and practice is one of the more important duties. If anything slips by the DPO then everyone else is left in the dark!
What help is available?
SWGfL has partnered up with Firebird to launch a host of services that are there to support schools in their daily handling of data protection. Firebird is an independently run, renowned consultancy firm offering exceptional data protection support to organisations, in particular the education sector. Firebird has provided expert advice, training and even audits to those who need it.
As part of the new launch, we are offering a wide range of services, including an incredibly valuable outsourced DPO service. For schools that are struggling to stay on top of their data protection duties in the current climate, Firebird are able to take control of the DPO role and manage it externally. Not only that, but we are able to work continuously with the school to provide support & advice on all things that data protection covers.
Amber Badley, Founder and Director of Firebird said:
Firebird understands how difficult it is for schools to find the time to read through the vast amount of information about data protection and understand all the things they need to do to fully comply with the new laws. We’re here to help take the stress and burden out of getting compliant. We help schools find simple, pragmatic ways to approach this and offer a range of support packages to suit every need and budget. We can be your fully outsourced Data Protection Officer (DPO), or we can support your existing DPO to help them gain the confidence and expert advice they need, to carry out their role effectively.
There are a lot of options available depending on where your school is with its compliance. SWGfL and Firebird are pleased to present a variety of packages that offer something for everyone, regardless of how little or how much you know about data handling. These include:
- Platinum Service
- Gold Service
- Silver Service
- Urgent/Crisis Support