The GDPR deadline (25 May 2018), scaremongering and prophecies of doom have come and gone with little fanfare and no flurry of prosecutions. Yes, there have been breaches. Yes, there have been complaints – but has anyone been thrown under the proverbial bus? Not to my knowledge; at least, not yet. Tes reports.
However, GDPR is not going to disappear just because results day and the start of the new term have come and gone. It will lurk in the shadows and will eventually catch some poor soul out – just like the threat of the network going down at the worst possible moment.
So, what has your school done about so far? Have you hired a data protection officer? Held a 30-minute Inset session? Made people fill out a form?
There are a few processes that I follow when considering data, which should help you on your way to changing your school’s culture. Here is what you should have already done to meet the requirements of GDPR:
Question what you do and how you’re doing it
- What data do you have and where is it stored? Hint: audit your data!
- What is the risk to that data?
- What are you doing about that risk?
Run regular training
Handling data is a skill and a 30-minute session once a year just won’t cut it. People need frequent and engaging training in this area. This way your data controller can sleep easier, knowing that everyone is working in one approved way.
Read more tips to meet the requirements of GDPR GDPR: five things schools should have done by now
Please tell us your thoughts in comments or via Twitter ~ Tamsin
Don’t forget you can sign up to receive our daily email bulletin (around 7am) with all the latest schools news stories. Your details will never be given to anyone else and you can unsubscribe at any stage. Just follow this link
We now have a Facebook page - pls click to like!