Don't let it happen to you! Know your GDPR

School leaders will face action if they abuse their position of trust. Headteacher unlawfully took pupils’ personal data from his previous schools.

The Information Commissioner’s Office issued the strong warning after a headteacher in south London, was fined after admitting two offences of unlawfully obtaining personal data in breach of section 55 of the Data Protection Act 1998.

Ealing Magistrates Court heard how Darren Harrison, uploaded data about pupils from his previous to school to his then current school’s server.

The ICO said he had “no lawful reason” to process the personal data and was therefore in breach of data protection laws.

Following Harrison’s suspension from school a subsequent investigation found “large volumes of sensitive personal data present on the school server from his previous schools”, the ICO said.

Harrison was unable to provide a  valid explanation as to how the information had appeared on his system. It had been uploaded from his USB stick, although Harrison stated that he had deleted the personal data from it.

He was fined £700, ordered to pay £364.08 costs and a victim surcharge of £35.

Mike Shaw, the ICO’s criminal investigation group manager, said children and their parents or guardians “have the right to expect that their personal data is treated with respect and that their legal right to privacy is adhered to”.

“A headteacher holds a position of standing in the community and with that position comes the added responsibility to carry out their role beyond reproach.

“The ICO will continue to take action against those who we find have abused their position of trust.”

E2BN and its partner Data Protection Education offers schools advice, guidance, training and DPO services. Contact the E2BN office for more information This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest from the Blog