The GDPR and Data Protection Act 2018 came into effect in May 2018. It is safe to say that a lot has changed in the 2 years since that day! We are continuing to support you through these challenging times so please contact us if you think that there is anything we can do to help out. And, exactly as we said in last month's newsletter, we continue to be amazed by the fantastic work being done both in school and remotely by teachers and schools across the country!
In this month's newsletter, we are going to look at some of the key lessons learnt since the GDPR and Data Protection Act 2018 became law two years ago. We also have more advice from the ICO and data security specialists about avoiding scams during the current lockdown as well as reminders and advice about staying safe whilst working remotely. And we have news about key document updates on our portal including our Data Protection Policy and Privacy Notice templates.
If you have any further questions about the topics below, or if you would like to book your next visit from us, either online using video conferencing or onsite once schools reopen, please get in touch via GDPR@schoolpro.uk.
Stay safe and healthy!
Two Years of the GDPR - What Have We Learnt?
Later this month, it will have been two years since the introduction of the GDPR and the Data Protection Act 2018. Here are some of the key lessons that we have learnt in that time:
Protecting You and Your Staff from Covid-19 Scams
The coronavirus pandemic has seen a number of scams arise as criminals seek to take advantage of organisations and their staff. Many of these are targeting businesses but they could equally be targeted at schools so it is wise to be prepared and aware of what the risks are:
Invoice/mandate scams – An organisation may be contacted out of the blue by someone claiming to be from a regular supplier. They state that their bank account details have changed and will ask you to change the payment details.
Never rush a payment. Use contact details that you have used before to check that it is genuine.
CEO impersonation scams - A sophisticated scam that plays on the authority of company directors and senior managers. A member of staff receives a phone call or email from someone claiming to be a senior member of staff – they ask for an urgent payment to a new account and instil a sense of panic. Scammers may even hack a staff email account or use spoofing software to appear genuine.
Be cautious about unexpected urgent requests for payment and always check the request in person if possible.
Tech support scams – With more people working remotely and IT systems under pressure, criminals may impersonate well-known companies and offer to repair devices. Criminals are trying to gain computer access or get hold of passwords and login details. Once they have access, criminals can search the hard drive for valuable information.
Always be suspicious of cold callers. Genuine companies would never call out of the blue and ask for financial information.
Information provided by the GFirst LEP (www.gfirstlep.com) and Businesses Against Scams - a new element of the successful Friends Against Scams initiative, run by National Trading Standards to provide free online training to protect and prevent people from becoming victims of scams www.friendsagainstscams.org.uk/.
The ICO also has information on staying one step ahead of the scammers on their Your Data Matters blog.
Staying Safe Whilst Working Remotely
Last month, we shared advice about keeping your staff safe whilst working from home including advice from the ICO. This month, they have produced ten top tips for working securely whilst working from home that we would encourage you to share with your staff:
More information and advice from the ICO about this topic can be found in their working from home hub.
As well as this, here is another resource to help staff stay safe during this period of time provided by Cyber Security Associates:
How We Will Regulate During Coronavirus - ICO
ICO - News, Blogs and Speeches - ICO
Coronavirus (COVID-19): Guidance for Schools and Other Educational Settings - GOV.UK
Reducing Burdens on Educational and Care Settings - GOV.UK
Case studies: remote education practice for schools during coronavirus (COVID-19) - GOV.UK
The Skills Toolkit - National Careers Service
Tech Tip - Setting A Background in Microsoft Teams - Reformit
We have recently updated a number of policies and privacy notices for you which you can find on the portal. The documents updated are:
These documents have increased rigour around the conditions of processing for special category data and criminal offence data as well as a few other minor updates.
Going forward, we are adding a 'Document Version Control Log' to the start of each document to detail the changes that we've made each time they are updated. This has been requested by schools and will make it easier for you to identify what is different to previous versions without having to scan through the entire document.
We have also added all of our Covid-19 resources including our action plans, risk assessment template, infographics and staff training fact sheets - all of which can also be found on this blog.
Data Protection in the News
Zoom faces a privacy and security backlash as it surges in popularity - The Verge
Coronavirus: Call for single EU tracking app with data protection - BBC
Microsoft Teams doubles down on security advice - TechRadar
Aptoide data breach leaks personal info of over 20m users of the Android app store - 9To5Google
EU privacy body urges anonymization of location data for COVID-19 tracking - TC
Nintendo confirms 160,000 accounts accessed in huge privacy breach - Eurogamer
Exercise app accused of "massive data leak" - CyclingTips
Stuck at home, UK lockdown DIY fans slammed with Robert Dyas data breach - ZDNet
Sheffield data breach: Drivers' details 'leaked' online - BBC
Please contact us if you do have further questions at GDPR@schoolpro.uk.
SchoolPro TLC Ltd (2020)
SchoolPro TLC is not responsible for the content of external websites