GENERAL DATA PROTECTION REGULATIONS May 2018
GDPR
• What is GDPR
• What is different
• Principles of GDPR
• How does it affect school
• How is school preparing
• How does it affect individual staff
• How can staff prepare
• Summary
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
• It will apply from 25 May 2018.
• Affects EVERYONE – all staff are responsible for complying with regulations.
WHAT IS DIFFERENT?
Similar to the Data Protection Act (DPA) 1998, but expands and strengthens the principles of DPA.
CHANGE: REQUIREMENT
• Subject Access Requests: No longer able to charge for access requests and have 1 month to comply.
• Consent: Must have consent to process personal data.
• Data Breaches: ICO must be notified within 72 hours of data breaches where an individual is likely to suffer some form of damage, i.e. identity theft. Failure to comply could result in 20 million euro fine.
• Data Protection Impact Assessments: Now a legal requirement to carry out I.A when considering using data in new ways, i.e. new IT systems.
• Data Protection Officer: Must have a designated DPO who will take responsibility for compliance. Cannot be member of SLT or Admin staff due to possible conflict of interest.
PRINCIPLES OF GDPR
GDPR sets out six principles of data processing. These say the personal data must be:
1. Processed lawfully, fairly and in a transparent manner
2. Collected for specified, explicit and legitimate purpose
3. Relevant and limited to what is necessary in relation to the purpose for which the data is processed
4. Accurate and kept up to date
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
6. Processed in a way that ensures appropriate security of personal data.
DATA BREACHES
Breach of security of personal data when transmitted, stored or processed leading to:
• Accidental Destruction
• Unlawful Destruction
• Unauthorised Disclosure
• Unauthorised Access
• Loss
• Alteration
HOW DOES GDPR AFFECT SCHOOL?
• As data controller and data processor, school must ensure the security of all data subjects' personal information, i.e. staff, pupils, parents etc.
HOW IS SCHOOL PREPARING
• NEXUS
• GAP Analysis
• DPO Appointed
• Privacy Notice for parents/staff updated
• Action plan in place
• New Signing in system
HOW DOES GDPR AFFECT STAFF
• All staff need to be aware of the principles of GDPR
• All staff must comply with GDPR regulations
• All staff are responsible for reporting data breaches
• Staff should be aware of how school collects and processes their individual data
HOW STAFF CAN PREPARE
• Receive/be aware of Staff Privacy Notice
• Be aware of and apply GDPR Principles when sharing data
• Ask yourself ‘Can I share this information?’ – ‘What is the reason for sharing the data?’
• Ensure secure email system is used when sharing information
• Ensure PIN codes are set on phones/mobile devices, especially if you access calendar etc.
• Log out of all IT systems when not in use
HOW STAFF CAN PREPARE
• Do not leave any pupils'/parents' personal data (e.g. pupil reports, SEN reports, CPOMS printouts etc.) lying around school
• Confidential shredding should be sent to the main office
• If you take work home, ensure security is maintained at all times, i.e. encrypted pen drives etc.
• Have organised and secure filing systems (manually and electronically)
• Adopt regular and appropriate data cleansing processes
• Any Data Breaches must be reported IMMEDIATELY to DPO
SUMMARY
• The principles of GDPR are not a new thing.
• The majority of processes are already taking place in school.
• If you are unsure or have concerns about anything, ask DPO or Fiona
• DPO: Nick Holden
• data@englishmartyrs.co.uk