To prepare for the General Data Protection Regulations (GDPR)
There is much you can do to begin preparing for the new regulations. In doing so, you can be confident you are meeting the current Data Protection Act (DPA), making you better prepared for the GDPR.
Both the DPA and the GDPR relate to the personal data you collect and store about pupils and their families as well as staff data.
- What data are we collecting?
Audit what data you are collecting across the school, where it is held, how it is collected and what is collected. Whilst most data is collected and held within your management information system, other software across the school also collects and holds data. Delegating this to teaching and non-teaching staff will help you to identify areas of the school that need additional support as you work towards being GDPR compliant.
- Why are we collecting it?
To meet the GDPR, all data collection must be necessary. Consider if this is the case for everything you are collecting. This also applies to historical data you hold on past pupils and staff.
- Have people consented to it being collected?
Have your pupils, parents and colleagues agreed to you collecting the personal data you hold on them? The GDPR states that consent must be explicit, so you should consider how you are currently gathering consent and where there are any gaps. This means everyone must be aware of how you are going to use the data they are providing to you, and you must only use it for these reasons.
From your audit, you can begin to build an action plan to be ready for May 2018. The action plan will raise questions such as training and development priorities, how to ensure you are asking for the correct consent, and any data that you should no longer be collecting. Remember that on the 25th May 2018, your school must be compliant and not working towards compliance.