The data protection time bomb in schools

29 Jun 2017

Schools should be preparing for the implementation of the new General Data Protection Regulation (GDPR) in May 2018, which brings massive changes to data protection.

The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation. They will bring new demands and challenges that will impact school resources and, ultimately, finances.

Unless schools have already started preparing, they really are sitting on a ticking time bomb.

As ‘data controllers’, schools are required to observe various principles when processing personal data. Whilst almost all current data protection regulations will remain, there will be significant changes. These will transform the way schools handle data and data breaches, ultimately changing the way they approach and manage information. Failure to demonstrate GDPR compliance can result in huge fines and other penalties.

Third-party school suppliers that process personal data on behalf of schools are ‘data processors’. Under GDPR, data controllers and data processors have equal liability in the event of a data breach. Blame can no longer be assigned. In addition, any data processors that schools work with MUST be GDPR compliant. It will become a criminal offence to work with suppliers that are not compliant.

As public bodies, schools are mandated to appoint a data protection officer (DPO). The role of the DPO is to oversee data controllers to ensure that they are complying; the DPO has no liability if the school does not comply. The liability lies squarely on the shoulders of the ‘data controller’: the school.

The key changes under GDPR that schools need to be aware of, and prepare for, include:

  • Greater focus on accountability – schools must be able to demonstrate compliance
  • Compulsory to have a DPO
  • Mandatory to report data breaches within 72 hours
  • Third-party data processors must be GDPR compliant; it will be a criminal offence to work with suppliers that do not comply

As with most things in life, preparation is the key!

Download the guide

The Information Commissioner's Office (ICO) published a “12 steps to take now” guide for business, which our partner GDPR in Schools has adapted for schools.

Visit www.gdpr.school to download the “12 steps to take now for schools” 
