Preparing Your Primary School for the New General Data Protection Regulation (GDPR)

Written by Pano Savvidis // November 17, 2017

Our world is becoming increasingly dependent on digital data. Most aspects of our personal and professional lives (banking, paying bills, socialising, buying groceries etc.) can now be processed online, using a variety of digital tools and apps. This is as true with your primary school as any other institution, organisation, or enterprise, with records and administration now almost entirely computer-based.

With this growing integration of digital tools comes greater concern over our data’s safety. The General Data Protection Regulation (GDPR) will be launched in the UK on May 28th 2018; as a replacement to the Data Protection Act, this aims to reinforce the safety of critical information online.

As we are now approaching the close of 2017 with alarming speed, your primary school must take steps to ensure you comply with the GDPR in full.

How can you do this?

 

Find Your Own Data Protection Officer

Various types of data will be processed in your primary school, applying to your students and staff alike. This covers small everyday administration tasks (preparing letters to parents) and bigger undertakings (processing payments, handling complaints etc.) alike, and to ensure vital information remains safe, you will need a designated data protection officer (DPO).

You may have someone currently performing a role such as this in your school, but once the GDPR comes into effect, the specific qualifications and experience required will be much more strict. A member of staff will unlikely have time to perform their standard work and act as the DPO as a side project.

A new employee with the knowledge and training to take on this role should be recruited ahead of the GDPR’s introduction. You may be able to effectively ‘share’ your DPO with other schools or educational institutions within your area, but they will need to be accessible and able to help when needed.

 

Acquire Relevant Data Only

Once the GDPR comes into effect, breaching students’ or staff’s rights, or failing to comply with the regulations in full, could see you fined either 4 percent of turnover, or as much as 20 million Euro – whichever is greater.

It is absolutely essential, then, to make sure that any sensitive data you hold pertaining to students or staff has been collected for specific needs. Details on ethnicity classification, religious belief, and health records are all regarded as sensitive data, and your school must ensure that you have no information that could be seen as a breach.

You should also retain such data for as long as your school believes necessary – remove it from your records as soon as possible once such time has passed. Perform an audit of your school’s information and make a note of the data you currently hold, how you came to hold it, and who else has seen it.

Any piece of information you hold without being entitled to could be seen as a breach, and incur significant penalties. Take the time to minimize this risk as far as possible.

 

Understanding Consent

Any data held on children or adults must be provided with suitable consent. As your primary school is responsible for the education and well-being of very young children, suitable consent is typically provided by their parents or guardians.

When acquiring this consent, proper documentation must be provided, detailing the reasons such information is required and how it will be used. Once GDPR comes into effect, consent will be scrutinised much more closely, and you need to ensure well ahead of the regulations’ introduction that your school makes sure all consent is fully-informed.

Releasing a bespoke mobile app for your primary school can create a simple, user-friendly gateway for busy parents or guardians. Acquiring consent may be as easy as hosting documents on the app, enabling caregivers to read them on their smartphone or tablet before granting permission.

 

Recognising Legal Rights

Parents are, understandably, concerned about what data bodies hold regarding their children. Though they are much more likely to trust that your primary school will behave with the child’s best interests in mind, they may still want to ascertain the kinds of information you possess, how this is used, and who else this may be shared with.

Under the DPA, people have had a right to request such information, but this will only expand once the GDPR is introduced in the UK next year. The regulations clarify that individuals can gain access to their personal data and be sure that it is being processed in a lawful, proper manner.

Your primary school has to take this into consideration and be prepared to provide such key information free of charge (the DPA’s £10 subject access fee will be dropped once the GDPR is introduced); if someone requests access to their data without good reason or repetitively, you will have the right to request a reasonable charge for your effort (provided it is a realistic reflection of your administrative cost).

All information must be provided within 30 days of the request, with a minimum of delay, though in the event such subject access requests are excessive, the deadline may be extended to two months instead. You should inform parents and guardians of their legal rights on your school website, in clear terms.

 

Spread the Word

Last, but by no means least, you must ensure the key decision-makers and staff-members within your primary school are aware of the GDPR’s incoming introduction, and what this will mean for them.

While they may think the DPA’s phasing out and the GDPR’s arrival has little to no impact on their day to day work, they must be made to see how the entire school’s daily processes will alter. Any slight oversight or processing error could lead to a breach of a student or employee’s rights, incurring potentially damaging penalties.

Gather the aforementioned key decision-makers and team-members, and explore the new changes, the ramifications, and the steps being taken to address them.

Doing so can help ensure your primary school is fully prepared for the GDPR’s introduction, and mean data is processed in the safest, most secure way in years to come. You should make sure parents and guardians are fully-informed too, perhaps by sending letters and presenting details of the GDPR on your school website.

 

The General Data Protection Regulation will mean some significant changes for your primary school, but by planning ahead, staying informed, and keeping parents / guardians in the loop, you can embrace the new regulations with minimal upheaval.

Get In Touch:

Your Full Name *

Your E-mail Address *

Your Telephone *

Enter your message here *

Thank You, your message has been sent.

Academy Schools

access

access device

Activities

advice

affordable

anti bullying

anti bullying month

Anti-Bullying Week

app

apps

assembly

assignments

Attainment

attendance

auditory

Augmented Reality

authentic learning

bbc micro bit

beatrix potter

Becta Guide

behaviour

Behaviour Management

behaviour management software

bespoke lesson content

best

Best Practice

BETT

BETT 2014

better

birthday

blog

Bloganywhere

blogging

blogging in school

blogging tools

Blogs

Bradford

brainwashing

budget

bullying

careers

ceop

charles dickens

children

christmas

Christmas message

class

classes

classroom

Cloud Computing

Collaboration

communication

Competition

confusing

continued professional development

CPD

Create your own character competition

creative school resources

cyberbullying

cyberbullying in school

Department for Education

Derbyshire

design

design your own egg

Differentiation

don'ts

dos

dropbox

e-learning

e-learning advice

e-learning events

e-learning in the classroom

e-portfolio

e-Portfolios

E-Safety

e-safety experts

e-safety in schools

e-safety survey

e-safety training sessions

Early Childhood Education Degrees

Early Years

easter competition

easter egg competition

easy to use

Ebacc

edtech

Education

Education and Technology Conference

education experts

education products

education technology

Education Tools

educational apps

educational technology

elearning

elearning apps

elearning competition

English

Enterprise day

eportfolio

esafety

esafety survey

Events

evernote

evolution of technology in schools

expert

experts

free e-learning products

free moodle events

free resources

free teacher events

free teacher webinar

free worksheets

French

Funding

gamification

GCSE

GDPR

Google

Google Apps

government

government guidelines

grades

Guest Infographic

guides

Handheld devices

Hardware

head office news

head teacher advice

head teacher of the week

help

helpful

History

Holy Family Catholic School

homework

homework block

homework month

homeworkanywhere

how to learn faster

how-to

ICT

ideas

IMLS Framework

improve

influential schools

Infographic

integrated e-learning solutions

Interactive Whiteboards

iPad

iPads

iPhones

jargon

Jobs

jotter

jotter mobile

Jotter Mobile app

Keighley

keynote

kids

kinesthetic

Laptops

laughing

LCMS

learn faster

learn faster advice

learn faster tips

Learn module

Learnanywhere

learner device

Learner Journey

learning

learning experience

learning faster

Learning Light

learning management

learning management system

learning management systems

Learning Platform

learning platforms

Learning Services

learning solutions

learning technologies

learning technology providers

Leicestershire

lesson plan

lesson planning

lesson plans

Literacy

literature

London

m-learning

Maths

mathsanywhere

message

messaging

microsoft

mindfulness in the classroom

missed

mlearning

Mobile

mobile app

mobile apps

mobile apps for schools

Mobile Friendly Websites

mobile learning

mobilegeddon

Modern Foreign Languages

money

MOOC

Moodle

Moodle 2

moodle 3.1

moodle 3.1 new features

Moodle 3.2

Moodle 3.4

moodle birthday

Moodle Conference

moodle experts

moodle lms

Moodle partner

Moodle SIMS Integration

moodle updates

moodle vle

most popular school website

Multi Academy Trust

Multi Academy Trusts

multiculturalism

national curriculum

Netbooks

new e-learning products

new elearning products

new elearning tools

New Ofsted Framework

news

newsanywhere

North East

North Yorkshire

Nottingham

Nottinghamshire

NQT

Numeracy

office 365

Ofsted

ofsted e-safety inspections

ofsted requirements for websites

ofsted school website requirements

online

Online Collaboration

Online Games

online learning

online learning solutions

online rewards system

online safety

online spellings tests

online tools

parent

parent communication

Parent Messenger

Parental Engagement

parents

passwords

Personalised Learning

Persuasive Technology

phishing

phone

Phonics

photos

Pi

pizero

planbook

podcast

Podcasting

poems

Poetry

powerpoint

presentation

press releases

Primary

primary education

primary lesson plans

Primary School

primary school competition

primary school website

primary school websites

primary schools

Prize

Procurement

product

professional development

promoting e-safety in school

PTT

pupil premium

pupil premium webinar

push notification

push notifications

quickvoice recorder

Radioanywhere

Raspberry

raspberry pi

RE

recruitment

reducing stress

Resources

responsive websites

revision

Riots

Safe Social Networking

Safeguarding

safety

save

school

school blogging

school blogs

school broadband

school competition

school eportfolio

School Information Regulations

school internet

School Jotter

school mobile app

school mobile apps

School Payments

school tips

School Web Design

School Website

school website design

school website help and advice

school website offers

school website system

school websites

Schoolanywhere

schools

schools technology

Science

scores

Sean Gilligan

Secondary

secondary learning platform

Secondary School

secondary school teachers

Secure Social Networking

security

SEN

senior leadership team

sharepoint

Shift Fatigue

silliness

SIMS

SKE

smartphones

SMS

Social Media

Social Networking

South Elmsall Carlton Junior & Infant School

spelling software

spellings

St Andrew’s Junior School

Studen

student engagement

Student Jotter

study

studying

studying tips

style

substitute teachers

Sugata Mitra

summary blog

support

tablets

teacher

Teacher Engagement

teacher resources

teachers

Teaching

Teaching Resources

tech savvy techer

technology

technology in education

technology in school

technology in schools

technology in the classroom

Test

text

texting

The Academies Show

The Achievement of Pupils

The Behaviour and Safety of Pupils

The BETT Show

The Quality of Leadership and Management

The Quality of Teaching

timeline

tips

tom starkey

top tips

Totara

totara lms

Tour de Yorkshire

training

training courses

tricks

Twitter

University

USA Moodle Partner

usage

useful

Video

video tutorials

Videocasts

virtual learning environments

virtual learning platforms

visual

VLE

vles

ways to save teachers time

Web Design

Webanywhere

webanywhere birthday

webanywhere events

webanywhere history

Webanywhere new products

webanywhere news

webanywhere office

webinar

Website Content

West Yorkshire

World Citizenship

York

Yorkshire