GDPR - Ignorance is no defence

By now, all staff and not just the senior team, are fully aware of GDPR (General Data Protection Regulation)
and it's potential impact. There's been a certain amount of scare-mongering going on, from talk of vast fines for minor breaches to schools being unable to keep the contact details for parents. Some of this rhetoric may well be coming from 'over-enthusiastic' companies eager to sell training, products and services.

Should a serious data breach occur at your school and the ICO investigates, if you haven't been taking GDPR seriously, you could be in trouble. However, if you have your Data Protection Officer in place, have policies and procedures, have done risk assessments and taken steps to mitigate any risks, you will be in a position to identify what went wrong and put the necessary steps in place to reduce any future risk. Safety and security will always be a journey with the final destination just around the corner!

How can you feel more confident about getting GDPR right?

It's a good start if you can say 'yes' to the following ten statements.

1 Staff and parents have been informed
2 Data Protection Officer appointed
3 Data audit carried out
4 Review of whether data held is valid
5 Review of privacy notices
6 Review of data collection procedures
7 Review of data processing procedures
8 Risk assessment of data security
9 Policies and procedures plan
10 Robust policies and procedures in place

 

Need more help?

E2BN member schools can access unlimited advice and guidance from us, just give us a call or email. We always provide honest, straightforward answers and if we don't know the answer, we will know someone who does!

We also deliver training courses; visit our Data Protection website to find the latest information and dates.

Latest from the Blog