What is the GDPR?
Implemented on 25 May 2018, the GDPR was a complete data protection game changer for every organisation. The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation. It has brought new demands and challenges that can impact school resources and ultimately finances. The GDPR increases the responsibility schools have to inform parents and learners about how their data is being used and by whom. The key things you need to be aware of are outlined below.
Data breaches
It is now mandatory to report a data breach within 72 hours
Data processors
As the data controller, it is the school's responsibility to ensure third-party suppliers that process data also comply with GDPR
Tougher penalties
In the event of a serious data breach, the ICO has the power to fine an organisation up to 4% of its annual turnover. In some schools, particularly MATs, this could be over £1 million.
Suppliers
GDPR demands a formal contract/SLA with all suppliers, including how data is stored and processed
Individuals' rights
The GDPR gives more control to individuals, including the right to redact data
Data protection officers
As a public authority, it is mandatory for schools to appoint a data protection officer
Evidence
Schools must be able to demonstrate compliance
Accountability
Schools must get it right: the key focus of the GDPR is accountability