GDPR and Data Security in schools and colleges

Most articles you read online about GDPR and data security focus on what they mean for companies with major marketing operations. This may give some schools the false impression that they don’t have to make any changes when it comes to data security. Unfortunately, that couldn’t be further from the truth. The GDPR brings in major changes to the way that companies store, process and handle data. In this short post, we’ll explore a few of the lesser-known facts about GDPR and data security and how they relate to schools and colleges.

Who has access to your data?

In general, you should restrict access to data to the smallest possible group of people. This may well mean that you have to take a look at the access levels that you give to various members of staff. There is probably not a good reason for every teacher in the school to be able to see the medical notes of every child in the building. Generally, a more complex system of data control will be needed to meet your GDPR and data security requirements and ensure that you’re not inadvertently in breach of your new obligations.

Not all data is electronic

GDPR is clear that it doesn’t only cover data that’s stored on a computer, server or electronic system. Printed information counts as well, whether it’s stored in a filing cabinet or left in a pile on someone’s desk. You have the same obligations around data security that you would have if the data was stored electronically. In many cases, this actually means that your best bet is to get rid of paper records and move to an electronic system that allows you to have total control over access.

Don’t store data you don’t need

GDPR gives all data controllers an obligation not to store data for longer than they need to. This means that you’ll need a robust deletion policy. This might include deleting the data of former pupils and staff after a sensible amount of time.

GDPR can feel like a bit of a minefield and the clock is ticking down to implementation on 25 May. Hopefully, this short post has helped you to feel a little more prepared for what is coming.

GDPR and data security – where to find out more

Whilst we will not pretend to be GDPR experts, we do know about data security – something that I have written a short book on that will help prepare for GDPR.  You can get your copy by simply clicking here – and best of all – it’s completely free of charge to UK schools and colleges.

Should you wish to be put in touch with one of our carefully chosen partners who can advise on GDPR in greater detail – please contact us today.