0203 3013384
SUPPORT

GDPR News for Schools

ico logo

At DPAS we have been closely following the ICO audits in schools and multi academy trusts to understand the key areas they are focusing on and the recommended actions they are giving. It’s clear that the ICO are targeting schools and multi academy trusts for audits. 3 audits were published during March. In this article on GDPR news for Schools, we’ve detailed below the scope of the audits. We’ve also included key findings, helping you ensure that you are ready for an audit if the ICO come knocking!

THE GENERAL SCOPE OF THE ICO AUDITS IN SCHOOLS

GOVERNANCE AND ACCOUNTABILITY

The extent to which information governance accountability, policies and procedures, performance measurement controls, and reporting mechanisms to monitor data protection compliance to both the GDPR and national data protection legislation are in place and in operation throughout the organisation.

DATA SHARING

The design and operation of controls to ensure the sharing of personal data complies with the principles of all data protection legislation.

TRAINING AND AWARENESS

The provision and monitoring of staff data protection, records management and information security training and the awareness of data protection regulation requirements relating to their roles and responsibilities.

REQUESTS FOR PERSONAL DATA AND DATA PORTABILITY

There are appropriate procedures in operation for recognising and responding to individuals’ requests for access to or to transfer their personal data.

SOME AREAS OF IMPROVEMENTS ACROSS THE AUDITS

  • The trust should possess full documentation on the risk management process, including risk escalation processes.
  • Implementation of a programme of regular internal data protection audits. Reporting on routine compliance checks is essential.
  • The trust should introduce annual, mandatory information governance training for all staff. It should be reported on as a key performance indicator. Training should include how staff should recognise a subject access request.
  • Introduction of specialist training for key staff. This should include subject access requests, data sharing, and data protection impact assessments.
  • The trust should document fully its approach to data sharing. It should record the details of all data sharing and data sharing decisions centrally.
  • Create processes for dealing with ad hoc disclosures.

General Findings

There is a limited level of assurance that processes and procedures are in place and are delivering data protection compliance. The audit has identified considerable scope for improvement in existing arrangements to reduce the risk of non-compliance with data protection legislation. It was also noted that data sharing and mapping (record of processing activity) requires further attention. Other areas of concern were the lack of DPIAs where personal data is at risk.

Training From The Experts At DPAS

Keeping knowledge fresh and skills up to date is essential. Our Data Protection In Practice For Schools training course meets those needs and also allows you to raise challenges specific to your situation among professionals in a similar situation and share experiences to improve your service delivery.

related posts

Get a Free Consultation

sign up

Want to receive a copy of our monthly Data Protection newsletter and news from the DPAS team?

Footer logo

Helping organisations access the value of their data, create a vision, embed the change and build the future.

QUICK LINKS

WHAT WE DO

COMPANY POLICIES

contact info

Book Your Call

Please note all information on this website is for your help and guidance. It should not be regarded as an authoritative or definitive statement of the law.

©2024 Data Privacy Advisory Service Ltd. ALL RIGHTS RESERVED

Website Development by GSL Media