It has been a full year since the dreaded G word became a pertinent part of school life. Yet, schools have been found to still be big sources of data breaches, and many data protection officers are still struggling to get a handle on all things GDPR. However, it is not just their responsibility to be aware of and to comply with GDPR legislation - GDPR is everyone’s responsibility!
From the after-school cleaner to the cooks in the kitchen, data is handled everywhere. Do your kitchen staff know that allergy information is important personal data that should not be shared? Do your cleaners know that if they see a highly sensitive piece of data left out on a desk, they should report it to the relevant staff?
Our GDPR experts have travelled around the UK, providing training sessions and audits for thousands of staff members at a number of schools, trusts and local authorities. Based on our experts’ assessment, and the results of our GDPR Survey, schools are over-estimating their GDPR compliance by around 20%. In particular, organisations are over-estimating their understanding of consent, and the levels of training and awareness that are required among staff.
Here are some small things you and your organisation can ensure you do, in order to better comply with GDPR (and to help your DPO!):
- Keep your screen clear and make sure you lock your computer when leaving your desk.
- Clear your desk of any sensitive information and make sure you keep it in a locked filing cabinet.
- Keep an eye out for mislaid information that you may come across, be it in the staff room or the playground.
- Report anything suspicious to the DPO – even if you think it might not be a big deal.
- Think about data protection training for your CPD.
- Conduct data protection impact assessments whenever you start a project which requires personal data to be processed.
- Double-check your emails: are you giving out other people’s email addresses?
- Ensure all passwords are strong enough, but not so complicated that they need to be recorded.
- Ensure consent is sought for any use of school photos, and that separate consent is obtained for any purpose other than the one originally consented to.
- Check who has access to what. Be ready to revoke a staff member’s data access when it is no longer necessary.
Data protection is serious, and breaches could have long-lasting effects on your organisation. It isn’t just your DPO’s responsibility – it is down to everyone in a school to keep data safe.