The new academic year is well under way now and autumn has truly arrived! On our recent visits to schools, it is clear to see the buzz and vibrancy in the classrooms, the passion and commitment of the staff, piles of leaves in the playground, and hats and scarves starting to appear!
This month's newsletter focuses on a number of "housekeeping" items linked to maintaining your data protection compliance with a particular focus on staying up to date with tasks such as your ICO Registration, staff changes, data protection impact assessments, and data map changes.
If you have any further questions about the topics below, or if you would like to book a visit from us, please get in touch. Enjoy the rest of the term and we hope you are able to make the most of the season - autumnal walks through the leaves, flavoured coffees from your coffee house of choice, oh, and the small matter of the Rugby World Cup!
It is a requirement that Data Controllers are registered with the ICO and that includes schools and colleges. You should also have your Data Protection Officer named on the registration. The vast majority of our schools are registered but we have recently audited the ICO register and noted the following:
It has now been nearly a year and a half since the GDPR came into force. All organisations should be logging any breaches that they identify, whether they are ultimately reportable to the ICO or not. All of you have access to our Data Protection Portal - https://app.schoolpro.uk/ - where you are able to log your breaches and notify us in the event that we need to provide your with assistance.
A number of you have never logged a breach on the portal and we do urge you to keep track of all breaches and potential breaches that you identify within school. Organisations with completely blank breach logs may be interpreted as being either incredibly robust with their practice so that they never have a single breach, or that they are not taking their data protection duties seriously and are ignoring or simply not recording any breach instances.
Please stay vigilant with regards to breaches and remind staff to notify the central point of contact within your school if they have a concern or incident to report. If you are unsure whether you should be logging an incident or not, log it on the portal anyway and we can advise from there.
Data Accuracy: Keeping Up To Date
Principle 4 of the GDPR is "Accuracy". Whilst working with schools so far this academic year, we have identified a number of areas where it is important to maintain data accuracy:
School Newsletters: Distribution by Email
Over the last week, a number of our schools have been seeking advice around one particular data protection subject: school newsletters. A question was raised as to whether or not schools need to seek consent from parents/carers for newsletters to be sent home either via pupil mail or email.
As your Data Protection Officer we ensure the advice we convey is accurate and have therefore ascertained definitive guidance through the Information Commissioners Office (ICO). As a result, we can confidently advise that schools DO NOT need to seek consent for newsletters to be communicated. However we do suggest the following steps:
We are confident this is the news you would like to receive as it negates any additional work that you may have been concerned about.
GDPR in the News
Criticism of planning details hidden from the public 'because of GDPR' - CoventryLive
European court ruling spells end of pre-ticked cookie consent forms under GDPR - The Drum
Employee awarded damages for breach of the GDPR - Lexology
Please contact us if you do have further questions at GDPR@schoolpro.uk.