General Data Protection Regulations - support for schools

Friday 10th February 2017

Many of you will have picked up information about the impending change to the Data Protection framework; in brief, the Data Protection Act 1998 (DPA) will be replaced on 25th May 2018 with the new General Data Protection Regulation 2016 (GDPR). This introduces far more stringent requirements for Data Controllers, which include all schools. As well as introducing many new requirements, the monetary penalties for non-compliance increase from the current £500,000 maximum under the DPA to €20,000,000 under the GDPR.
The Information Commissioner's Office (ICO) has published guidance about the GDPR at
https://ico.org.uk/for-organisations/data-protection-reform/guidance-what-to-expect-and-when/

I have posted the ICO (Information Commissioner’s Office) booklet – Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now – on the EPHA website, so that you can start familiarising yourself with the requirements.

I have talked to Lauri Almond, Business Consultant for ECC Information Governance Operations, to discuss what support both EPHA and the local authority can give to heads and their schools to ensure that they meet the new requirements.

We have agreed that she will attend the four summer term headteacher meetings in June to ensure that heads are aware of the duty and have started to put arrangements in place to meet their responsibilities. EPHA will also be organising more detailed training across the county, and I will let you know where and when that will take place.

In addition, ECC will be commencing various traded activities which schools can buy into to support their understanding of their current level of compliance, the gap to compliance with the DPA, and then the further gap to compliance under the GDPR. The offer comprises:

  • Awareness Briefings
  • Training
  • On-site audits including an action plan
  • Consultancy
  • Helpdesk for DPA/GDPR compliance
  • Helpdesk for statutory requests for information, i.e. FOI, EIR and SAR
  • SE+ self-assessment via EES website
  • E-learning package to meet the annual refresher requirement once compliance is achieved, with minimum impact for schools

For your information, an article is being issued in next week’s Governors’ Gateway (so governors will become aware of this duty), and there are four awareness sessions via EES planned for April 2017.


 

Pam Langmead