Preparing your organisation for the GDPR

GDPR encompasses any personal data that is stored and processed using computers, as well as any data that is stored on paper in any manual filing system. Whether it is on a standalone computer, a network server, in the cloud or as hand written notes. For example, in an educational setting that means all, and any, personal data held on students, parents, staff and governors.

As the General Data Protection Regulation enforcement date of 25th May 2018 approaches, your organisation should be promoting a strong culture of protecting data.

However, do you know where to start?

Below, we detail the 3 key steps to get ahead before 25th May.

1. Produce a data map

In the example of a school, the setting needs to identify all categories of data that are held about students and staff, the purpose for which it is held and how it is being processed. By doing this the organisation will become familiar with the personal data ecosystem within the school.

This information can then be used to run an audit. To help do this the ICO has an audit tool that RAG rates* your current practice and gives a clear indication of where your strengths and areas for improvement are. The result can then be printed off. As you progress you can go back and conduct the audit as many times as you want to measure progress; this provides a useful framework for planning as well as good evidence of action taken.

*RAG rating:

Red: not implemented or planned

Amber: partially implemented or planned

Green: successfully implemented

2. Promote good practice

Your organisation should already be promoting a strong culture of protecting data. In preparing for the GDPR you should:

• appoint a data protection officer
• train staff
• carry out an information audit
• update and review policies and procedures
• tell people why the data is being collected.
  
  

3. Ask questions

In addition to a clear description of the data, the following questions should be asked of those people that are responsible for collating personal data.

• What information is being collected?
• Who is collecting it?
• How is it collected?
• Why is it being collected?
• How will it be used?
• Who will it be shared with?
• How long will you keep it for?
• How will it be kept secure?
• What process is it needed for? (e.g. admissions, recruitment)
• How is security maintained?
• Who has access to the information?
• Who manages the data?
• Who are the data subjects?
• What is the source of the data?
• What software is used? (if any)
• Where does the data go inside the organisation?
• How is the data stored?
• Does the data leave the organisation?
• Does data flow outside of borders? (that is national borders to areas not covered by GDPR).

GDPR training course

These steps are taken from our latest GDPR training course: ‘A Practical Guide to the GDPR for Education’. The course gives real-world scenarios and sample solutions to help schools and settings prepare for 25th May 2018 and is available to buy individually online or as an addition to EduCare for Education^®, our complete safeguarding and duty of care e-learning service.

---

Country: --None-- United Kingdom Abkhazia Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Darussalam Bulgaria Burkina Faso Burundi Cabo Verde Cambodia Cameroon Canada Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern and Antarctic Lands Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kosovo Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia, the former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Nagorno-Karabakh Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Cyprus Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Sahrawi Arab Democratic Republic Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino São Tomé and Príncipe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia Somaliland South Africa South Georgia and the South Sandwich Islands South Ossetia South Sudan Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Transnistria Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Virgin Islands Uganda Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Wallis and Futuna Yemen Zambia Zimbabwe Vietnam
Post/Zip Code:
Job Role: --None-- Academic Registrar Account/Agency/Advertising Account Co-Coordinator Account Controller Account Co-ordinator Account Executive Administration / Office Admin Manager Artwork Provider Assessm. Coordinator Assistant Head Assistant Headteacher /Principal Assistant Principal Bursar Business Director Business Manager Catering Mgr/Superv. CEO / Managing Director Chairman Chair of Governors Chancellor Chief Executive Officer (CEO) Chief Sci. Lab. Tech Child protection Clerk to the Governor Dean Deputy Director Deputy Director of Education Deputy Head Deputy Head of Department Deputy Headteacher/Principal Deputy-Vice Head / Principal / Director Dep Vice Chancellor Development Director Director Director Development Director HR Director of Childrens Services Director of Education Director of Finance Education Director Education Manager Executive Head Executive Headteacher/Principal Finance Finance / Procurement Fund Raising Officer Gold / Silver Contact Head / Director of Dept-Faculty Head / Director of Subject Head / Principal / Chancellor Head of Art Head of assessment Head of Biology Head of Boys PE Head of Bus. Studies Head of Business Head of Careers Head of Chemistry Head of Citizenship Head of Classics Head of Department Head of Drama Head of Economics Head of English Head of Faculty Head of Geography Head of Girls PE Head of History Head of HR Head of Humanities Head of IT Head of Journalism Head of Law Head of Maths Head of Media Studs Head of Media Study Head of Mod.Language Head of Music Head of Nursery Head of Nursery/PreS Head of PE Head of Personnel Head of Philosophy Head of Physics Head of Politics Head of PSE Head of Psychology Head of PTA Head of Recept.Class Head of Rel. Studies Head of School Head of Science Head of Sixth Form Head of Sociology Head of Special Need Head of SPS Head of Subject Head of Technology Head of Vocat. Edu. Head of Year Head of Year 1 Head of Year 10 Head of Year 11 Head of Year 2 Head of Year 3 Head of Year 4 Head of Year 5 Head of Year 6 Head of Year 7 Head of Year 8 Head of Year 9 Headteacher Headteacher/ Principal Health/Safety Offic. HR / Recruitment / Retention HR Director HR Manager HR Officer ICT Coordinator INSET Co-ordinator International Office Keystage 1 Co-ordin. Keystage 2 Co-ordin. Keystage 3 Co-ordin. Keystage 4 Co-ordin. Lecturer Librarian Managing Director Market.& Dev. Dir. Marketing Marketing / Communications Marketing Manager Media Assistant Media Buyer Media Planner NQT Co-ordinator Office Manager Operations Operations Manager PA / Assistant to Head / Principal / Director Parent Pastoral / Welfare PA to Headteacher PA to Headteacher /Principal Personnel Director Personnel Manager Personnel Officer Planning/Strategy President Press Comm. Manager Principal Pro Vice Chancellor Provost Public Relations (PR) Recrtmnt Secretary Recruitment Manager Recruitment Officer Rector Resource Manager Safeguarding School Governor School Manager School Nurse School Secretary School Trip Organis. SENDco Senior Advisor Site Manager Strategic Business / Planning Student Student Services Supply Booker Support Role Teacher Timetabler Trainee Teacher Unknown Vice / ProVice / Deputy Chancellor Vice Chancellor Vice President Vice Principal Other
Requirement: --None-- I am a customer and I have a problem I am looking to buy a product for myself I am looking to buy a product for my organisation
Organisation Type: --None-- British Universities Charity Children & Young People Services College Company Educational Body English Colleges English Primary Schools English Secondary Schools English SEN Schools & Colleges International Schools & Colleges International Universities LA Head Office Library Mainstream School Northern Irish Schools & Colleges Other LA Other Organisations Private Individual Pupil Referral Unit(PRU) Scottish Schools & Colleges Secure Unit Special Needs Supply Agency University Welsh Schools & Colleges N/A
 

Return to news

Related content: