GDPR in schools
As I am sure you are aware, the General Data Protection Regulation (GDPR) came into effect earlier this year (May 2018) throughout the EU and has replaced the UK’s current Data Protection Act. GDPR in schools will and has had a huge effect on the way that your school manages your data
Schools are organisations that rely on paper based systems for monitoring visitors, staff and student attendance. Such systems are insecure and will be liable for heavy fines under the new rules. Turning to an electronic system will help schools comply with GDPR, ensure your data is secure and save you money from fines!
The consequences of failing to comply with the GDPR are serious. Data protection regulators will have the power to impose fines up to €20,000,000 or 4% of total annual turnover. This is an increase from £500,000 fine under the pre-May 2018 Data Protection Act. Therefore, it has never been more important to put stringent procedures in place to manage your data in line with new regulations, and this includes GDPR in schools.
SignalmanAV works in many schools – over 90 currently. It still amazes us how many schools are still using lined sheets of A4 paper showing individuals personal data!
GDPR focus is often placed on cyber security threats and database vulnerabilities with paper documents and records being overlooked. However, such an oversight could be very dangerous in a few months time.
Below are some of the practical considerations that schools must/should take into consideration when continuing with paper based solutions.
1. Can you find the information?
One of the key principles of GDPR is ‘the right to erasure’. Therefore, if an individual requests to be removed from your records where there is no ‘compelling reason for its continued processing’ then you must do so. However, do you know where this information is or if you still have it? Is it in on site or in storage? If you cannot physically find this information then how can you comply? All of this is time consuming and could be very costly.
2. How many copies are there?
One of the vulnerabilities of paper based systems is duplicate copies. A lot of organisations will take a photocopy as a back up just in case the original is lost or misplaced. However, what may seem like good practice could leave you in hot water when it comes to GDPR in schools. Unsecured copies of personal information maybe scattered all over the place and not disposed of properly which could lead to committing data breaches.
3. Data security
Security of data is another key area of GDPR and the security of paper documents could leave you vulnerable. If private documents were to get into the wrong hands then this could become a data breach. Transportation of documents always poses a risk as it only takes one mistake, like leaving them on a train or a car being stolen, for them to end up in the wrong hands.
4. Data privacy
Ensuring that no one else sees indirectly the personal data of another individual is also an important area not to be overlooked. A lot of focus is aimed at how to retain and store data but your actual process could get you in trouble. For example, if a visitor signs in via a book they will be able to see the personal details of all the other visitors that have signed in!
5. Managing retention records
Data records should only be retained for a certain amount of time, irrespective of format (paper, electronic or other). How do you manage the retention periods for your paper files? A lot of organisations will make a hard copy of their digital files. However, if you delete your electronic file, but the hard copy still exists, then you may in breach of GDPR regulations. For example, you may have deleted a file in accordance with a request from an individual to delete their personal data. However, if you do not delete the hard copy as well then you are still holding their personal information and be liable under GDPR!
What is the solution?
Moving away from paper to electronic management systems like CBSecurepass would remove the obstacles mentioned above along with the potential hefty fines with which they come. It puts you in complete control of your data and gives you immediate access to the files you need. Furthermore, your data is more secure as it is only accessible to those who have permission.
How does it work?
CBSecurepass is a school visitor management system which electronically captures and stores visitor information. Visitors sign in via a touch screen monitor rather than pen and paper. Staff also sign in electronically using permanent access cards. The system also has modules to store details on late arrivals and child collections. It will not only enhance your safeguarding but help alleviate your GDPR headache and save you from some potential big fines!