Your school is likely to have heard of the changes that were put in place on 25 May 2018, to introduce the General Data Protection Regulation (GDPR).
For the most part, your school will already have in place much of what’s needed for GDPR because many of the requirements are part of the historic Data Protection Act. Good ICT practice such as procedures for data backups, passwords, antivirus software and keeping on top of upgrades will also stand you in good stead.
The change in the law, the fines that will apply, greater parental awareness of data security and rights, and the likelihood that GDPR compliance could become part of Ofsted reviews all need to be considered, but checking and updating your data procedures needn’t be an onerous or expensive task.
The ICT Service is well placed to support your school by conducting an audit of your current documentation, processes and procedures. We can produce an audit report, list everything your school needs to be doing to comply with the current GDPR requirements, and highlight any risks to be aware of.
The role of DPO (Data Protection Officer) is also something to be considered. Someone in the school needs to be responsible for data security but may not have the time to keep up to speed with developments. The ICT Service can either act as a support resource for your chosen DPO representative or be appointed as the school’s DPO for a period of time.
How our service works
The ICT Service can offer two levels of service to schools that have GDPR compliance concerns:
GDPR Audit (one-off service)
The ICT Service will:
- Provide the information your school requires to register with the ICO (Information Commissioner’s Office)
- Review your information assets (list of data held)
- Review your suppliers’ compliance with GDPR, e.g. online services containing personal data
- Contribute to and review your:
  - Consent to Hold Information Policy
  - Data Protection Policy
  - Rights of Individuals Policy
  - Breach procedure
  - Technological safeguards
  - Privacy Notice/s (e.g. pupil data or staff data)
  - Data Security Policy
  - Information Sharing Policy
  - Personal Information Policy
  - Data Protection Impact Assessment
- Give you access to The ICT Service GDPR toolkit
- Deliver a one-hour bespoke training for staff.
If you consider that your school would benefit from a ‘walk’ around the school accompanied by your DPO consultant, we recommend that this take place either before or after the working day (so as not to cause any unnecessary disruption). This is available at an additional charge.
GDPR Managed Service (delivered over three years)
The ICT Service will:
- Carry out everything covered in GDPR Audit (one-off service)
- Act as the Data Protection Officer for your school. See Terms and Conditions.
- Undertake annual compliance reviews
- In Year 2, review Year 1 audit recommendations and ensure remedial action has been taken (undertaken through conference call and email with you)
- In Year 3, review Year 2 audit recommendations and ensure remedial action has been taken (undertaken through conference call and email with you)
- Provide helpline support to answer any ad hoc data protection questions
- Keep up regular communication covering the latest in data protection rules and regulations
- Offer discounted additional onsite bespoke staff training
- Offer discounted GDPR consultancy to assist with Subject Access Requests and with complex data protection questions from staff, parents or students
All Schools – Contact us for a quote