The General Data Protection Regulation (GDPR) is an EU-wide law designed to tighten security around data handling – and millions of UK organisations are affected. With compliance mandatory from 25 May 2018, schools, Trusts and LAs need to review and adjust their systems and processes to achieve GDPR compliance in time.
All schools need someone to act as Data Protection Officer - taking on the responsibility for data handling and management. Regulations around data handling are very specific, so it is important that your Data Protection Officer resource is on top of the requirements, including the need to report any data breaches within 72 hours of discovery. Otherwise, penalties of up to €20m (or 4% of revenue) are possible.
Your relationships with third party suppliers need careful monitoring. As the ‘data controller’, your school needs to ensure that all suppliers that handle data are fully compliant with GDPR, from catering services to software providers. This should be documented in a formal contract for every supplier, detailing how data is stored and processed.
GDPR also specifies the rights of ‘data subjects’, who can now request to see every source that their data is shared with, and exercise their ‘right to be forgotten’. This enables any data subject, from former pupils to parents, and staff to governors, to request that their information is removed from school databases.
Your school’s Data Protection Officer, and anyone else handling school data, must be able to produce a clear audit trail for all uses, with evidence of acting within the GDPR. The deadline is May 2018 - and you need to be ready in advance.
We bring your strategic team together with a qualified GDPR practitioner so you can gain an understanding of GDPR and what it means for schools – from the requirements that the regulations will impose on you, to the steps you need to take.
We’ve partnered with Michelmores Solicitors to give you all the latest policy and privacy documents in line with GDPR. We’ll also provide practical advice and training so your staff know how the policies should work in practice.
We’ll provide templates that enable your senior staff to map how you currently manage and process personal data. We’ll review this information with you before training, and use it as the basis of the detailed data mapping process in the GDPRiS management tool.
Our training sessions, on or off site, enable us to forge a long-term partnership with you so we can address the GDPR issues that you, or your schools, are facing. We’ve already provided high quality GDPR training for thousands of UK school staff.
The GDPRiS management tool is an intuitive and cost-effective system that enables you to manage and comply with GDPR, all in one location. GDPRiS helps you to manage supplier relationships; data map your existing products, processes and services; schedule audits; report data breaches; store documents and manage staff with access to pupil data.
Many schools choose to appoint a Data Protection Officer from their existing team, or hire a dedicated DPO. If that’s not right for you, our partners can provide DPO services for your school or Trust.
Meeting the initial May 2018 deadline is just the start. A combination of the GDPRiS platform, expert training and on-going legal advice when required will give you the most solid foundation for GDPR compliance, now and into the future.
At Groupcall, we’ve partnered with the experts at GDPR in Schools (GDPRiS) who are leaders in the use of personal data in education, and how it is stored and shared.
The GDPRiS platform is an invaluable tool for schools, Data Protection Officers, local authority support teams and multi-academy trusts - a truly innovative cloud-based solution to help take the time, cost and stress out of GDPR compliance.
Where is it?
GDPRiS tracks and records data flows between all of the places you store and process data. It records whether data is in school or with third party suppliers.
Why do we have it?
GDPRiS logs the reasons for using data, the legal basis for processing it and how the rights of the individual are protected.
How is it protected?
GDPRiS records the processes that you and your suppliers use to protect personal data. It helps guide all your staff to a new level of data protection understanding.
Can we prove it?
As well as enabling you to easily conduct internal audits and report on data breaches, GDPRiS brings all evidence you need together in one place.