Embracing GDPR and the Cloud

Why it’s important to embrace the cloud

Most articles about Cloud Computing in education start off talking about funding and reducing the cost of service delivery, and there is a lot to talk about here[1] for both schools and Multi-Academy Trusts[2].  However, there is another strong business driver towards embracing cloud computing that you should be thinking about as an IT professional in your school or trust.

What is ‘cloud computing’?

The ‘cloud’ is a term used for servers and services held off-site which can be accessed remotely via any compatible device connected to the Internet.  This means that data isn’t stored on site and everything is managed externally.  It replaces dusty overheating server rooms, iffy padlocks and aircon failures, and promises no need to buzz support technicians every time something goes wrong with a hard disk.  The cloud services are all accessed through the web and mobile apps.

Why is ‘cloud computing’ important now?

The security and reliability of cloud services have improved in recent years and the lesser technical requirements to using them mean that the barriers to getting started are much lower too, it’s much easier now to sign up and use cloud-based services than even five years ago.  School broadband services are also improving in quality and reliability, meaning cloud services in teaching as well as administration are far more viable.

For suppliers, the landscape has improved too.  Developers can respond to customer requirements quickly and deploy multiple service updates in a single day, removing the need to visit each site to apply updates.  Software quality is improved as a result and suppliers benefit from economies of scale, which drive the cost of service delivery down, enabling free access for education to services like Google G-Suite and Microsoft Office 365. Groupcall provide our cloud services using Microsoft’s Azure Cloud Services, the only public cloud platform in the UK rated G-Cloud OFFICIAL[3].

The evolution of cloud computing over the past decade has seen the introduction of powerful tools for monitoring and improving pupil attainment and attendance, cloud services to support school administration and cut operating costs, and many exciting and innovative services that most of us haven’t even thought about yet.

So, why is it important to embrace cloud services?

Recently it was revealed that NHS workers routinely use the WhatsApp messaging service to communicate anonymous patient information quickly between each other rather than using ‘archaic’ NHS systems[4].

This phenomenon is called ‘Shadow IT’, where external IT services are used in your organisation without the knowledge or support of your centralised IT function. These are often free services that might be used by teaching staff or managers to work around the shortcomings of the official services provided.  Examples for schools might include document sharing services like DropBox, survey tools like SurveyMonkey, and free learning resources.

Some of these services operate outside of the European data border.  Imagine the personal data that could be uploaded to these services – without central IT functions even knowing – and how the lifecycle of that data and administrative access to it would be left dangling if a staff member left, maybe even the service subscription itself!

With GDPR replacing existing data protection legislation in May 2018, the onus on your school or Trust to control and track the movement of personal data is vastly increased, and new financial penalties encourage a proactive approach. While the potential fines are sizeable, being able to demonstrate good practice shows that your organisation is in control and will be considered favourably.

Where the centralised IT services in your school can provide secure and simple managed access to ‘best of breed’ cloud services, empowering your staff and students with easy access to productive technology, the chances of personal data sneaking around via CSV files in the shadows reduces significantly.  Having tools that make it easy to safely enable data sharing helps your organisation demonstrate governance and controls around personal data.  As evidence shows, if you don’t empower people then you risk it happening without you!

How can Groupcall help?

Groupcall is ISO 27001 accredited and is taking an active lead to help the education sector be fully GDPR compliant by early 2018.  Within the Groupcall suite of products, our Xporter on Demand service already provides safe GDPR aligned data sharing.  Our cloud-native IDaaS automated identity management helps manage user life cycle and access to personal data by students, parents and staff.  Messenger and our Xpressions app help provide audited communications to parents, and our Emerge app and web portal provide safe and secure access to student MIS data wherever your work takes you.

Groupcall helps your technical compliance with GDPR by not only securely integrating with leading cloud services like Microsoft Office 365 and Google G-Suite, but also with almost 100 leading education partners including CPOMS, MyConcern, ShowMyHomework and many more.  Using Xporter and Xporter on Demand to integrate the products in your school or trust ensures that there are audits and controls in place and guarantees data flows to the right places and is only accessible by those who should be accessing it.

However, compliance is not just technical. Groupcall have partnered with GDPR in Schools[5] to provide an all-in-one compliance monitoring solution that encompasses data movement, training records, incident management, auditing and more.

To find out more about how Groupcall can help your school or MAT achieve compliance, visit www.groupcall.com.

Tim joined Groupcall in 2010 and spent 5 years prior to that at Warwickshire County Council architecting and implementing school-facing services.  Specialising in areas including identity management, designing for the Cloud and mobile, web services, solution architecture, practical software development, data and Internet security, and teaching exciting ICT with gifted and talented students. Tim sat as an active co-chair of Systems Interoperability Framework (SIF) Association UK until April 2015.

[1] http://www.bbc.co.uk/news/education-39758108

[2] http://www.bbc.co.uk/news/education-40741918

[3] https://www.microsoft.com/en-us/trustcenter/compliance/uk-g-cloud

[4] https://www.theguardian.com/healthcare-network/views-from-the-nhs-frontline/2017/jun/05/should-doctors-use-whatsapp-to-bypass-archaic-nhs-tech

[5] http://gdpr.school

Are you a trainee teacher, NQT, teacher, headteacher, parent or  just someone who cares about education and has something to get off  your chest in a Schools Improvement Guest Post? Follow this link for more details at the bottom of the page.

Don’t forget you can sign up to receive our daily email bulletin (around 7am) with all the latest schools news stories. Your details will never be given to anyone else and you can unsubscribe at any stage. Just follow this link.

We now have a Facebook page - please click to like!


'Kindness in action = Mutuality' by Professor Sonia Blandford
Why Jessica quit teaching: She'd given her heart and soul to those kids but SLT didn't think it was enough.
Categories: 1st POST, Data, Promotion, Security and Technology.


  1. Jimmy Herbst

    While reading this article, I recall all these celebrity stories when their phone transferred data to the cloud and the attackers stole the data through them. It seems to me that no one would like to face such a situation, especially large companies, their employees and customers. So our managers did everything to protect company data even without trying to follow GDPR. Quite by chance we stumbled upon Ignite on one of the forums where they discussed data storage security and we decided to try cooperation with them. Now we are confident in our security and in the fact that we can rely on them in any issue of IT support.

Let us know what you think...