In short, there’s work to be done to ensure you remain in compliance with data protection laws beyond 31st December 2020. If you’re struggling to understand what that means for your educational establishment then contact your Data Protection Officer (or us!).
Do you have a data protection officer?
- Are they confident in their abilities?
- Do they need help and support?
- Have you appointed one?
SWGfL provides a range of options to meet your data protection compliance needs. Our Data Protection Services are available at a range of levels to suit your needs. Subscribe now and ease the compliance headache!
What data protection duties do you need to fulfil?
After December 2020, the UK will no longer be considered part of the European Economic Area (EEA) and under GDPR, personal data will not easily be able to flow between the EEA and the UK, unless new arrangements are put in place (adequacy arrangements).
Step 1
Identify how the changes affect your school or establishment and carry out a risk review (this flowchart from Firebird might help). Personal data coming from the EEA to you is the biggest issue here. Any processing you’re involved in must comply with the data protection laws.
Step 2
Check your contracts which involve the use of personal data. Where required, implement Standard Contractual Clauses (SCC) with organisations within the EEA who you might be sharing personal data with.
Step 3
Check your Privacy Notices are up to date and make sure they adequately address the potential changes. Consider whether Data Protection Impact Assessments (DPIAs) need to be carried out (or updated) on activities involving personal data affected by the changes. As part of this, consider how you will implement ‘additional safeguards’ beyond simply relying on the SSCs. This might be processes, policy or training.
You can sign up for our Data Protection Services quickly and easily with prices starting from just £500 +VAT
There’s more advice from the DfE for education providers and the Information Commissioner’s Office.