GDPR and the Friday 25 May 2018 deadline
Nearly two thirds of Cambridgeshire schools have engaged us for the GDPR services we offer and we’ve also seen a strong demand from schools in neighbouring authorities.
By now we hope most schools will have made plans, but if you haven’t you may be facing difficult decisions about what to do.
While there is a need to act, there’s no need to panic. It’s quite likely your school will already have good practice place in place. Schools have already been offered the free toolkit and templates put together by The ICT Service in collaboration with the Council’s Information Governance team.
There is also now some draft guidance from DfE (see below) – Section 2 on making a data map is helpful. A school will only come to the attention of the ICO if they have a reportable data breach, which if good practice is in place, is quite unlikely. It’s also becoming clear that significant numbers of schools, businesses and other organisations are not going to be fully ready by the Friday 25 May 2018 deadline.
Schools ought to be reassured that in most cases, their policy and guidance (if it’s being followed) is adequate to prevent a serious data breach, which is what would trigger any investigation by the ICO. In that context, note that the DfE only published guidance for schools – ‘Data protection: toolkit for schools‘ – at the end of April 2018 with a final version due in June 2018.
It will be helpful to remind staff that as Data Protection is getting a lot of media attention it’s important to be extra vigilant about keeping personal information secure.
We continue to offer our GDPR services to schools, though at this stage we are taking a risk-based approach because our consultants are heavily booked for the next few weeks. However, we can get you started and be able to do a quick review of your documented policy & procedure to check for any significant errors or omissions.
Call us on 0300 300 0000 or email firstname.lastname@example.org for more information and a quote.