General Data Protection Regulation (GDPR)
The General Data Protection Regulations (GDPR) comes into force on the 25th May 2018. The GDPR replaces the Data Protection Act 1998, putting in place new controls and rules around how personal data is managed and protected. Failure to comply with GDPR can result in fines up to €20 million, reputational damage, distress to data subjects and compensation claims.
Still not sure how GDPR compliant your school/setting is?
Why not book a Data Protection Impact Assessment to identify areas of potential non-compliance, complete with a report highlighting the areas for improvement and practical actions to take to ensure compliance.
Further steps to take to become GDPR compliant
- Ensure senior management understand the significance and impact of GDPR on your school, and seek their support and direction on how to prepare for the changes.
- Carry out an Data Mapping Audit to identify and record what personal data you hold, where; who you share it with; how long you keep it for and what your lawful basis is for processing it.
- Inform employees and other key people that the law is changing and deliver needs based GDPR training to them.
- Review, update or create policies and procedures which reflect the GDPR changes. particularly in relation to data breach investigation and reporting; privacy notices, obtaining and managing consent and handling requests from individuals exercising their rights.
- Appoint a Data Protection Officer. This person must have expert knowledge of data protection law and practices and be able to fulfil the tasks set out in Article 39 of the GDPR. This person can be an employee or an external contractor.