
Leadership webinar: what does GDPR mean for schools? (video and webchat)

Discussion in 'Senior Leadership Team' started by AndrewFIS, Aug 15, 2017.

  1. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    In May 2018, the General Data Protection Regulation comes into force. But what does it mean for schools?

    As part of the TES Leadership webinar series, I’ll be putting your questions to Harry Ewins, managing director of External Perspective Ltd.

    We will examine what school leaders and their governing bodies should consider when reviewing the requirements.

    Post your questions below now - and, if you can, join in our live webchat on September 12 at 4.30pm.

    Before that, you can watch a video we’ve made in which Harry and I discuss the issues, with key advice for school leaders.



    To access all the videos in the TES Leadership series, plus an exclusive database of grants available to schools, become a TES Leadership subscriber.
     
  2. TES_Rosaline

    TES_Rosaline Administrator Staff Member

    Hi,

    Don't forget to submit your questions below ahead of next month's webchat.

    Thank you.
     
  3. Trendy Art

    Trendy Art Star commenter

    • What are the implications for changing the way in which staff manage, use and access data between home and school?
    • Given the vastness of this, what exactly can schools do to prioritise the most salient points to meet GDPR?
    • Would the use of session virtualisation be acceptable for the access of data from home?
     
  4. TES_Rosaline

    TES_Rosaline Administrator Staff Member

    The webinar video will be available for seven days in this thread after the webchat. If you wish to view the webinar after 19th September or to access all the videos in the TES Leadership series, plus an exclusive database of grants available to schools, become a TES Institutional subscriber. You can find out more information here.
     
  5. TES_Rosaline

    TES_Rosaline Administrator Staff Member

    Good afternoon and welcome to today’s webchat.


    The TES Leadership webchats give you the opportunity to put your questions to industry experts about key school management and operational issues.

    In a few moments I will hand you over to Andrew, who is editor of FIS, who will be hosting this week's hour-long webchat.

    Andrew and this week's guest, leadership expert panel member Harry Ewins, managing director of External Perspective Ltd, will be available for the next hour to answer your questions.

    If you have any questions please submit them below. Don't worry if we run out of time, any unanswered questions will be responded to and posted on this thread later this week.

    I'll now hand you over to Andrew.





    The content of, and information provided in, the TES Leadership webchats and their associated materials (including information posted in these forums in connection with the webchats) (the “Content”) is provided for general information purposes only. Any use you make of, or reliance you place on, the Content is entirely at your own risk. Professional or specialist advice, tailored to your specific circumstances, should always be obtained before taking (or refraining from) any action on the basis of the Content.

    Whilst TES Global and the panel of leadership experts make every effort to ensure the high quality and accuracy of the Content, TES Global and each leadership expert makes no representation or warranty (express or implied) concerning the Content. Neither TES Global nor any leadership expert will be responsible for any damage or loss related to any use of the Content.

    Neither TES Global, nor any leadership expert, seeks to restrict or exclude any liability they may have for death or personal injury arising through negligence, liability for fraud or fraudulent misrepresentation, or for any liability to the extent that, by law, it cannot be restricted or excluded.

    Please click here for full Terms and Conditions which apply to all TES Global’s websites.
     
  6. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    Hello and welcome to this webchat on the GDPR. Joining me is Harry Ewins, managing director of External Perspective Ltd. For those of you following this thread, please feel free to post your query. Remember to refresh your page to see the updates as they appear.

    Thanks for joining us, Harry.

    Is the GDPR relevant to small schools?
     
  7. HarryEwins

    HarryEwins New commenter TES Leadership Panel Expert

    Thanks Andrew.

    Yes, according to Steve Wood, the ICO Deputy Commissioner (Policy):

    “The principles are essentially the same whether you are a small business or a multinational corporation. Many of the actions SMEs should take are practical and straightforward – our updated toolkit is a good starting point”.

    “It is not the size of the organisation that’s relevant so much as the risk that particular businesses and types of data processing pose. Those handling particularly sensitive data, or processing personal data in potentially intrusive ways, for example”.
     
  8. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What will the ICO’s policy be on fines for non-compliance with the GDPR?
     
  9. HarryEwins

    HarryEwins New commenter TES Leadership Panel Expert

    Where there are Data Breaches post May 2018 and you’re found to be non-compliant with GDPR at the time of a breach, you could face fines of up to €20 million or 4 per cent of your company’s annual revenue, whichever is greater.

    However, Elizabeth Denham, the UK Information Commissioner, has said, “These top-tier fines will be reserved for the most serious of breaches and will not be handed out for smaller infractions”.
     
  10. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What should schools be doing now?
     
  11. HarryEwins

    HarryEwins New commenter TES Leadership Panel Expert



    · Don’t Panic!

    You aren’t alone if you have barely started to prepare to comply with the GDPR by 25th May 2018 and there is still time to take significant steps towards full compliance by the start date.

    Check what support your Local Authority and professional associations are providing for members.

    Look for other businesses, charities or organisations that you can share the cost of any training, consultancy or Data Protection Officer (DPO) services with.

    Think of the ICO as your greatest friend to comply with the GDPR. Go to the Information Commissioner's Office website and take the following steps:-

    1. read and action the 12 Steps to Comply with the GDPR pamphlet;

    2. sign up for their newsletters and blogs;

    3. note their free helpline is on 0303 123 1113, and

    4. find and complete the ICO’s Assessment Toolkit, which has their checklists which you can use to assess your compliance with the Data Protection Act and find out what you need to do.
     
  12. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What areas are covered in the ICO Assessment Toolkit?
     
  13. HarryEwins

    HarryEwins New commenter TES Leadership Panel Expert

    Data protection assurance: Assess your high-level compliance with the Data Protection Act. This may illustrate to some people that they hadn't registered with the ICO as they should have done!

    Getting ready for the GDPR: Designed to help you get your house in order, ready for the new legislation. Including designating a data protection officer.

    Information security: Assess your compliance with data protection in information security policy and risk, mobile working, removable media, access controls and malware protection.

    Direct marketing: Assess yourself in the areas of consent and bought-in lists, and telephone, electronic and postal marketing.

    Records management: Records management policy and risk, record creation, storage and disposal, access, tracking and off-site storage.

    Data sharing and subject access: Sharing policy and agreements, compliance monitoring, maintaining sharing records, registration and subject access process.

    CCTV: Assess the compliance of your CCTV including the installation, management, operation, and public awareness and signage.
     
  14. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    What should schools do about Subject Access Requests (SARs)?
     
  15. HarryEwins

    HarryEwins New commenter TES Leadership Panel Expert

    You should already have a policy and procedure for SARs. The existing policy should be amended to comply with the GDPR, for example in relation to fees and response periods. The amended policy has to be circulated to parents/guardians, suppliers, older pupils and staff, e.g. for them to see how and where to request their information.

    The teachers and staff must be trained to recognise when they are actually being given an SAR and what to do with it, irrespective of whether or not it follows the prescribed procedure. Remember to always verify the identity of the person requesting their personal information.

    Ideally all SARs should be managed centrally, with the time and date received logged. There is only one month to respond to this request, so it is important that you stop the clock if you need to clarify anything in the SAR. The response time can be extended by up to 2 months for complex or numerous requests as long as you tell them within the first month. You cannot charge a fee for an SAR; however, one can seek payment of any reasonable administrative costs for providing any further information.

    As SARs are sometimes used as a prelude to litigation, the abolition of employment tribunal fees could have an effect on the number of requests to your HR department.
     
  16. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    Should schools appoint their own Data Protection Officer (DPO)?
     
  17. HarryEwins

    HarryEwins New commenter TES Leadership Panel Expert

    Under the GDPR there are three situations where it is compulsory to appoint a DPO. One is where the processing is done by a ‘Public Body’; the term ‘Public Body’ has yet to be defined. There are two other situations where it is compulsory to appoint a DPO, which need the terms ‘Core Activities’ and ‘Large Scale’ also to be defined.

    However, the best advice is to appoint a DPO as schools are looking after children and they are a ‘Vulnerable Group’ according to the Working Party 29. Maintained schools should check with their Local Authority if they are providing a DPO. A number of LAs have advised their schools that they are not doing so and told their schools that they have to meet their own legal obligations.

    The decision then must be taken whether to appoint an internal candidate (for three years) or external one (for two years).
     
  18. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    How long should schools keep different categories of data?
     
  19. HarryEwins

    HarryEwins New commenter TES Leadership Panel Expert

    Maintained schools should look to their Local Authority’s Information Governance Team for their retention schedule.

    During the conversion process Academies should have had their data and retention periods handed over to them.

    Free Schools and Independent Schools should already have their own retention schedule; however, if they haven’t got one they should look at their regular information sources like the ISBA website’s library and forum.
     
  20. AndrewFIS

    AndrewFIS Occasional commenter TES Leadership Expert

    Can you provide a GDPR list of actions?
     
