The Data Protection Act as we know and love it in the UK dates back to 1998 in its original form. It was a far-reaching, even visionary, piece of legislation. But at that time the web was in its infancy, the Google search engine was in beta mode and social media hadn’t been ‘invented’ — Mark Zuckerberg, for instance, was only 14 years old at the time.
So, times move on. The EU is bringing in new data protection regulations that come into force in May 2018. This General Data Protection Regulation is far more demanding than the current Data Protection laws, with draconian fines to match.
Ah, you might say, jolly good job we’re leaving the EU then. Think again: the Government has announced its intention to pass an Act of Parliament that will bring this country in line with the EU, whether we’re still a member or not, as explained in the article UK Government Commits to GDPR after Brexit.
Unfortunately, schools are not exempt from the legislation, and May 2018 is not as far away as it may sound. So how can you prepare for the new legislation? Here are some resources to help you.
The first port of call should be the Information Commissioner’s website. There you will find a very useful section describing what the legislation is and the steps you need to take. Bookmark the site because it is in a continual state of being updated.
I’m alright, Jack. Really?
Under the new rules, even if the way your school handles data is 100% compliant, if any company you use to handle and process the data is not GDPR-compliant, you will not be out of the woods. You will need to check whether they are compliant, and if the answer is “no” you will either need to convince them to sort themselves out or find a different data partner. Fortunately, Groupcall has already taken steps to be fully compliant by the deadline.
OK, give me the gist
The Daily Telegraph recently published a useful summary of the new legislation. How far these rules will affect schools, and in what ways, is clearly going to be a primary concern to headteachers (or ought to be). A good starting point is the analysis by Steve Baines, Groupcall’s Data Protection Officer, on the subject.
Where can I find out how to be compliant?
You can also register for a Groupcall GDPR Training Session, which would be a day very well spent, particularly as they are CPD-certified. You can find a list of forthcoming events at https://www.groupcall.com/gdpr-training
Also, Groupcall has worked with it partner, GDPRiS, on developing a compliance toolkit. You can find out more detail here.