GDPR & Schools

What is The GDPR?

Implemented on 25 May 2018, the GDPR was a complete data protection game changer for every organisation. The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation. It has bought new demands and challenges that can impact school resources and ultimately finances. The GDPR increases the responsibility schools have to inform parents and learners about how their data is being used and by whom. The key things you need to be aware of are outlined below.

Data breaches

It is now mandatory to report a data breach within 72 hours

Data processors

As the data controller, it is the schools responsibility to ensure 3rd party suppliers that process data also comply with GDPR

Tougher penalties

In the event of a serious data breach, the ICO has the power to fine an organisation up to 4% of its annual turnover. In some schools, particularly MATs, this could be over £1 million.

Suppliers

GDPR demands a formal contract/SLA with all suppliers, including how data is stored and processed

Individuals' rights

The GDPR gives more control to individuals, including the right to redact data

Data protection officers

As a public authority, it is mandatory for schools to appoint a data protection officer

Evidence

Schools must be able to demonstrate compliance

Accountability

Schools must get it right the key focus of the GDPR is accountability

Use our FREE resources for schools to guide you

The GDPR Roles & Liabilities explained

Let our team show you how GDPRiS helps schools demonstrate their compliance!