By Carol Tullo, Senior Consultant
The Bookshop and Lottery Agency of Jan de Groot in the Kalverstraat in Amsterdam, Isaac Ouwater, 1779. Photo credit: Rijksmuseum.
The experience of running some Naomi Korn Associates workshops in recent months has been instructive in so many ways! Helping a range of schools – principals, teachers, office managers, bursars, Heads of IT and governors – to familiarise themselves with the GDPR changes opened my eyes to the complex ecosystem of school communities. I was struck by how seriously schools took their responsibilities for handling personal data. On April 23, the Department for Education published a GDPR Toolkit: https://www.gov.uk/government/publications/data-protection-toolkit-for-schools
I was involved in the discussions and early drafts with DfE and, while no substitute for tailored help, this toolkit covers the basics and provides useful reassurance for each school to assess its preparations. DfE outlines a sequence of activities that will help schools to identify and monitor their use of personal data, undertake the necessary processes for auditing and assessing risk, and assist in compiling policies to ensure schools can sustain compliance. Mirroring the training approach from NKCC, each step is structured to provide the intended outcomes, a suggested ‘how to’ approach, top tips, case studies, and links to relevant resources. It does not constitute formal legal guidance, and as a data controller, each school is ultimately responsible for its own data protection procedures and compliance with legislation.
My favourites of the top tips in this official guidance:
- Think through what is best for your school. There is no one-size-fits-all solution, but learn from the examples and adapt them to your own needs.
- Using the Common Basic Dataset, think about retention and how long data is kept: https://www.gov.uk/government/publications/common-basic-data-set-cbds-database
- Get your Privacy Notice right
I would add that if you have started, but not yet completed, your journey to compliance, consider a GDPR readiness statement explaining where you are and what you have done. It all builds confidence.
With the publication of this guidance, an informal consultation exercise will run until Friday 1 June 2018. The initial feedback gathered will be used to inform a revised version. The guidance will be a living document and will be refreshed once the Data Protection Bill is finalised. Comments are welcome so provide feedback to email@example.com with the subject heading “GDPR toolkit feedback”. DfE asks that if your comments refer to specific content in the document, please reference the page number(s) to identify the area to which you are referring. Keep the conversation going as we all work collaboratively to deliver this.
Naomi Korn Associates will be running a Data Protection Officer training course for schools, Tuesday 2 October, at the Imperial War Museum, London. For more information please email firstname.lastname@example.org
(c) Naomi Korn, 2018, Some Rights Reserved. The text of this blog is available for reuse under a Creative Commons Share Alike Licence. The image is CC0, sourced from Rijksmuseum.