Even though the introduction of GDPR led to the production of vast amounts of media content, the principles behind it were really nothing new. All that changed was the degree of rigor with which they were to be enforced.
Arguably, therefore, it should have been fairly easy for schools to have complied with it (and hence kept themselves safe from regulatory action).
In actual fact, however, many schools struggled to deal with the practicalities of GDPR and even now some are still finding it a challenge. With that in mind, here is a brief guide to school data retention and security for 2020.
GDPR and the education sector
The introduction of GDPR highlighted one of the biggest ironies of the education sector. On the one hand, many schools have invested heavily in IT equipment for use by students.
On the other hand, many schools were using antiquated processes, systems and equipment to carry out their internal administration, even though this carried the risk of compromising student data.
In principle, the introduction of GDPR should have prompted schools to up their game and to a certain extent it appears to have done that.
According to a recent survey, 80% of schools said that they had taken steps to become GDPR-compliant, but more than half of them said that they were not yet fully GDPR-compliant and 14% said that they did not have a clear plan to become GDPR-compliant.
Schools have to deal with lack of skills and lack of resources to acquire them
Almost half (46%) of respondents indicated that they felt a lack of security awareness was a barrier to their being able to comply with GDPR.
It may, however, be more accurate to say that schools have an awareness of the importance of data security but do not have the in-house knowledge of skills to implement data security effectively and lack the budget to be able to “buy in” those skills from third-party vendors.
It would be lovely to say that schools should make their funding bodies aware of the need for extra resources to comply with GDPR, but the reality is that funding bodies already were aware of this and for them as for the schools they fund, GDPR is just one of a number of priorities fighting for attention and resources.
Schools may not appreciate that GDPR has carrots as well as sticks
It may be tempting to see any form of regulation as “red tape” and as backed by penalties (which is is) rather than offering benefits.
In the case of GDPR, however, this is not entirely fair. The ability to keep sensitive data safe inspires confidence, which encourages people to provide full and accurate data and thus provides organizations, including schools, with a robust basis for taking decisions.
Some tips on how to keep personal data safe
The principles of GDPR are clearly stated on the ICO website along with the penalties for breaking them. When it comes to schools on low budgets, however, the pragmatic approach is to start with low-hanging fruit and work upwards from there.
According to the aforementioned survey, 29% of respondents did not have a formal breach-response process in place. This is a serious non-compliance issue and should require little to no budget to rectify.
While “privacy-by-design” might be a challenge to implement, it should certainly be feasible to review what data you collect and take an informed decision on whether or not you actually need to collect it.
If you’re still holding on to masses of paper forms then at least digitize them and dispose of the old ones securely. This should go a long way to putting a stop to opportunistic data theft and reduce accidental breaches.
You will then, of course, have to work out what you actually need to keep (and for how long) and what can be deleted.
GDPR and Brexit
GDPR will continue to apply post-Brexit regardless of whether or not a deal is reached.
In principle, the UK should be able to continue to transfer data to and from the EEA as well as to countries where there is an adequacy agreement in place (essentially countries which the EU has recognized as having adequate data-protection standards).
In practice, nothing is guaranteed and schools should therefore see what they need to do to protect themselves if they lose the ability to transfer data to EEA member states.
General Manager, Joe Muddiman at Rads Document Storage, a secure facility based in Nottingham which provides professional document management services explains how they can help you out.
How can our document management service benefit your school, college or university?
- Create a more organised space for staff and students by remotely storing paperwork
- Store spare marketing materials, we’ll collect and return your documents for free!
- Digitise paperwork and document to view, receive and transfer much faster.
- Data not just on paper? We can destroy a range of materials from CD’s to plastic.
If you would like to find out more regarding our school/college /university document storage and management service, feel free to contact our team by phone or email and visit our website where you’ll found lots more information on how we can help you.
Are you a trainee teacher, NQT, teacher, headteacher, parent or just someone who cares about education and has something to get off your chest in a Schools Improvement Guest Post? Follow this link for more details at the bottom of the page.Don’t forget you can sign up to receive our daily email bulletin (around 7am) with all the latest schools news stories. Your details will never be given to anyone else and you can unsubscribe at any stage. Just follow this link.
We now have a Facebook page - please click to like!