The data protection time bomb in schools

29 Jun 2017

Schools should be preparing for the implementation of the new General Data Protection Regulations (GDPR) in May 2018, which brings massive changes to data protection.

The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation. They will bring new demands and challenges that will impact school resources and ultimately finances.

Unless schools have started preparing for the implementation of the new General Data Protection Regulations (GDPR) in May 2018, which brings massive changes to data protection, they really are sitting on a ticking time bomb.

As the ‘data controller’, schools are required to observe various principles when processing personal data. Whilst almost all current data protection regulations will remain, there will be significant changes. These will transform the way schools handle data and data breaches, ultimately changing the way they approach and manage information. Failure to demonstrate GDPR compliance can result in huge fines and other penalties.

Third-party school suppliers that process personal data on behalf of schools are ‘data processors’. Under GDPR, data controllers and data processors have equal liability in the event of a data breach. Blame can no longer be assigned. In addition, any data processors that schools work with MUST be GDPR compliant. It will become a criminal offence to work with suppliers that are not compliant.

As public bodies, schools are mandated to appoint a data protection officer (DPO). The role of the DPO is to oversee data controllers to ensure that they are complying – the DPO has no liability if the school does not comply. The liability lies squarely on the shoulders of the ‘data controller’ - the school.

The key changes under GDPR that schools need to be aware of, and prepare for, include:

  • Greater focus on accountability – schools must be able to demonstrate compliance
  • Compulsory to have a DPO
  • Mandatory to report data breaches within 72 hours
  • Third-party data processors must be GDPR compliant; it will be a criminal offence to work with suppliers that do not comply

As with most things in life, preparation is the key!

Download the guide

The Information Commissioner's Office (ICO) published a “12 steps to take now” guide for business that our partner GDPR in Schools has adapted for schools.

Visit www.gdpr.school to download the “12 steps to take now for schools” 
