Are you ready for GDPR?

February 07 09:44 2018 Print This Article

For any organisation that handles personal data, this year’s hot topic has to be the General Data Protection Regulations, or GDPR.

As the new law comes into force on 25th May 2018, replacing the Data Protection Act (DPA), schools and academy groups up and down the country are gearing themselves up for the changes.

For those schools which already have a history of good data practice and a firm grasp of the DPA, the new requirements shouldn’t pose too much of a challenge. However, there are a few key steps that will help to smooth the path for schools on their journey to GDPR compliance.

Subject access requests

One such step is to be ready to respond to a subject access request (SAR), when an individual asks for access to their personal data, because the time limit for SARs is changing. Under GDPR, the timescales for answering a SAR will reduce from 40 calendar days to one month.

While some schools will be familiar with SARs, others may receive them rarely. But being prepared will certainly ease the process should a request arise.

Let’s take the example of a student who is not allowed to attend a school trip due to poor behaviour. This is just the type of situation where a parent might request to see the data stored on their child’s conduct.

Being able to pull this data together quickly will help to resolve the matter efficiently and effectively.

A central store of information

The difficulty some schools and academy groups have is that the data they hold needs to be gathered from a variety of different sources. This makes it more complex to respond to a SAR than it would be if all the pupil data could be accessed from one place.

By storing data centrally in a management information system (MIS), a head of year would be able to confirm how many behaviour points a child has been given, or how many times they have been late to lessons, in a matter of seconds so this information can be passed on to the parent.

Maintaining accurate data

The data a school holds needs to be accurate, so another challenge is to make sure the most up-to-date personal information is being stored.

Throughout the year, a parent or carer’s contact details can change at any time, so schools need to keep track of all the latest telephone numbers, email and home addresses.

Some schools and multi-academy trusts send out a paper-based data collection sheet when pupils enter a new academic year. But as family situations can change at any time, there is a risk that information could be out of date by the time it is entered onto the system. But there are steps schools can take to avoid this.

Obtaining updated details

One way is to encourage parents to update information themselves. Tools exist, such as the SIMS Parent Lite app (which is available at no charge to most SIMS users), that enable parents to go online, at a time that’s convenient to them, to register or change their details.

A secure, self-service option like this has the added benefit of ironing out any typos or spelling mistakes at the same time and schools can approve any new information before it is added to the system.

In the midst of a house move or job change, informing the school of new contact details may not be top of mind for a busy parent. However, schools can use technology such as an app to send out regular reminders to parents to update their details so accurate records can be maintained.

This also provides schools with the opportunity to ask for parents’ consent to use their data for specific activities, such as school trips for instance. Proactive communication like this supports schools in obtaining consent as a positive opt-in, and not from pre-ticked boxes, which is another significant requirement of GDPR.

By reviewing the way data is stored, accessed and maintained, and strengthening links with parents, schools and academy groups can lay some firm foundations for GDPR compliance.

The original article (and image) was originally posted here:


view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment


No Comments Yet!

You can be the one to start a conversation.

Add a Comment