GDPR and the Friday 25 May 2018 deadline
Well, the day has (nearly) arrived! And next week the new law will apply. The main (and most important) consequence of all the activity over the last year is that organisations will be taking Data Protection much more seriously and media attention surrounding Facebook and Cambridge Analytica has ensured we understand the consequences of being too casual with personal information.
There is still an opportunity to book to attend one of our Essential GDPR Tidy Up Workshops for Administrators taking place here at The ICT Service Training Centre in St Ives:
- Wednesday 30 May 2018,
9.30am – 12.00pm
- Tuesday 12 June 2018,
1.30pm – 4.00pm
While there is a need to act, there’s no need to panic. It’s quite likely your school will already have good practice in place. Schools have already been offered the free toolkit and templates put together by The ICT Service in collaboration with the Council’s Information Governance team.
There is also now some draft guidance from DfE (see below) – Section 2 on making a data map is helpful. A school will only come to the attention of the ICO if they have a reportable data breach, which if good practice is in place, is quite unlikely. It’s also becoming clear that significant numbers of schools, businesses and other organisations are not going to be fully ready by the Friday 25 May 2018 deadline.
Schools ought to be reassured that in most cases, their policy and guidance (if it’s being followed) is adequate to prevent a serious data breach, which is what would trigger any investigation by the ICO. In that context, note that the DfE only published guidance for schools – ‘Data protection: toolkit for schools’ – at the end of April 2018 with a final version due in June 2018.
It will be helpful to remind staff that as Data Protection is getting a lot of media attention it’s important to be extra vigilant about keeping personal information secure.
We continue to offer our GDPR services to schools, though at this stage we are taking a risk-based approach because our consultants are heavily booked for the next few weeks. However, we can get you started and do a quick review of your documented policy & procedure to check for any significant errors or omissions.
Call us on 0300 300 0000 or email email@example.com for more information and a quote.