18 May 2018

Going Back to School?

By Carol Tullo, Senior Consultant

The Bookshop and Lottery Agency of Jan de Groot in the Kalverstraat in Amsterdam, Isaac Ouwater, 1779

The Bookshop and Lottery Agency of Jan de Groot in the Kalverstraat in Amsterdam, Isaac Ouwater, 1779. Photo credit: Rijksmuseum.


The experience of running some Naomi Korn Associates workshops in recent months has been instructive in so many ways!  Helping a range of schools –  principals, teachers, office managers, bursars, Heads of IT and governors –  to familiarise themselves with the GDPR changes opened my eyes to the complex ecosystem of school communities.  I was struck by how seriously schools took their responsibilities for handling personal data.  The Department for Education published on April 23, a GDPR  Toolkit: https://www.gov.uk/government/publications/data-protection-toolkit-for-schools

I was involved in the discussions and early drafts with DfE and, while no substitute for tailored help, this toolkit covers the basics and provides useful reassurance for each school to assess its preparations.  DfE outlines a sequence of activities that will help schools to identify and monitor their use of personal data, undertake the necessary processes for auditing and assessing risk, and assist in compiling policies to ensure schools can sustain compliance.  Mirroring the training approach from NKCC, each step is structured to provide the intended outcomes, a suggested ‘how to’ approach, top tips, case studies, and links to relevant resources.  It does not constitute formal legal guidance, and as a data controller, each school is ultimately responsible for its own data protection procedures and compliance with legislation.

My favourites of the top tips in this official guidance:

I would add that if you have started, but not yet completed your journey to compliance, consider a GDPR readiness statement explaining where you are and what you have done.  It all builds confidence.

With the publication of this guidance, an informal consultation exercise will run until Friday 1 June 2018. The initial feedback gathered will be used to inform a revised version. The guidance will be a living document and will be refreshed once the Data Protection Bill is finalised. Comments are welcome so provide feedback to data.modernisation@education.gov.uk with the subject heading “GDPR toolkit feedback”.  DfE asks that if your comments refer to specific content in the document, please reference the page number(s) to identify the area to which you are referring.  Keep the conversation going as we all work collaboratively to deliver this.

Naomi Korn Associates will be running a Data Protection Officer training course for schools, Tuesday 2 October, at the Imperial War Museum, London. For more information please email patrick@naomikorn.com

(c) Naomi Korn, 2018, Some Rights Reserved. The text of this blog is available for reuse under a Creative Commons Share Alike Licence. The image is CCO, sourced from Rijksmuseum.


Recent News

Back to News