In just under two weeks, UK organisations including schools are set to experience the biggest shake-up in the history of data protection. General Data Protection Regulation, more commonly referred to as GDPR is set to become legislation on May 25th.
As data handlers of personal and sensitive data, schools along with other organisations are marked under GDPR for essential changes. Failure to comply with these changes could lead to fines and reputational damage.
Schools will no doubt be at different stages in preparation for legislative change on data protection.
Recently, the DfE in its Data Protection for Schools Toolkit, highlighted guidance in the form of nine steps schools could take to efficiently develop the culture, processes and documentation required to be compliant with the strengthened legislation to effectively manage the risks associated with data management.
And it commences with raising awareness across all staff within the school who come into contact with personal data (noting that personal data can relate to pupils, staff, parents and potentially others). An interesting point to note is that the DfE recommends that making a link between data protection and child protection can be an effective way to make understanding GDPR real for staff.
Within education, some sensitive information about children is processed that is not set out in the legislation as a ‘special category personal data’. Notably information about children’s services interactions, free school meal status, pupil premium eligibility, elements of special educational need information, safeguarding information and some behaviour data. The DfE considers it best practice that when considering security and business processes about such data, that they are also treated with the same ‘high status’ as the special categories set out in law.
In relation to Safeguarding, GDPR does not prevent, or limit, the sharing of information for the purposes of keeping children safe. Legal and secure information sharing between schools, children’s social care and other local agencies is essential for keeping children safe and ensuring they get the support they need. Information can be shared without consent if to gain consent would place a child at risk.
TrainingToolz a sister company of Safeguarding Essentials is helping guide schools through this GDPR maze with limited free online GDPR training via its online content distribution platform. Schools can register to take the GDPR training and invite up to 10 of their peers to take the course for free. Learn more at Trainingtoolz.com/GDPR or call 0113 868 0244 for further information.
