We hope that you are having a great term and are enjoying the festive end of term run-in! As we visit schools at this time of year, we get to see the fantastic decorations in classrooms and listen to school choirs rehearsing. The effort everyone puts in is truly astonishing! Especially on top of the normal day to day routines and end of term expectations. The end is in sight and with it, a well-deserved rest with friends and family!
This month’s newsletter features a reminder of our advice on schools as polling stations as well as information regarding your data protection considerations for school shows. We will also be reminding you about how to avoid fines when renewing your ICO registration and the importance of recording the compliance checks of your data processors.
If you have any further questions about the topics below, or if you would like to book a visit from us, please get in touch. Enjoy the festive season and we will see you in the New Year!
Schools as Polling Stations
We recently issued advice to schools if they are being used as Polling Stations during tomorrow’s election. The advice can be found in our previous blog post.
We also created a checklist that can be used both before the day and on the day itself as a reminder of the data protection considerations for your school. You can also download the checklist from the button below:
Data Protection and School Shows
At this time of year, every school around the country will be putting on Christmas performances of some kind, whether it is a traditional nativity play or something completely different. A number of you have asked for advice with regards to your data protection duties concerning these shows so we thought we would put together some key points for you:
- Parents are within their rights to take photos or videos of their children during a performance, at least from the point of view of the GDPR. These images/videos should be for personal use only however so it is worth reminding parents of this either with signs or through a pre-show briefing. Both is probably best!
- You may want to take your own recording of the show as a school. You should gain consent for this prior to the performance, especially if you are intending to distribute this to parents, on the school website, or on social media.
- When recording a show, it is possible that the audience will be caught on camera. Clearly, it is impractical to get consent from audience members prior to this. However, clear signage that indicates a recording is taking place and that they may appear would be suitable. This example is available online as the sort of sign you could use:
https://www.resourcecentre.org.uk/wp-content/uploads/2015/05/Photos-will-be-taken-sign-1.pdf
ICO Registrations – Getting Your Tier Correct
We have mentioned ICO registrations in previous newsletters so hopefully you are up to date with your ICO registration as a school! This is something that we are checking prior to visiting you and discussing with you if it needs urgent attention. However, a common theme that we are encountering is schools not registered on the correct tier. This is not made particularly clear on the renewal email that you will receive from the ICO so we want to clarify things here.
The tier that you are on is based on the size of your organisation. Unless you have charitable status (in which case you will be on Tier 1 by default), the tier sizes and costs are as follows:
- Tier 1 – 10 members of staff or fewer – £40 (£35 if paid by Direct Debit).
- Tier 2 – between 10 and 250 staff – £60 (£55 if paid by Direct Debit).
- Tier 3 – more than 250 staff – £2900 (£2895 if paid by Direct Debit).
Most schools will sit in Tier 2 as a result. It is important that you are in the correct tier or you risk a fine. The ICO has stated that organisations who are registered on a tier prior to the intoduction of the GDPR don’t need to worry about this until they renew at which point they need to ensure they are on the correct tier.
If you have already renewed your registration since the GDPR came into force in May 2018, check that you are on the correct tier for your size and, if you are not, ensure that you correct this with the ICO.
If you haven’t yet renewed your registration since the GDPR came into force in May 2018, check the tier is correct when your renewal is sent through so that you are renewed onto the correct tier.
If you have any questions about this, please contact us and we can help!
Data Processor – Compliance Checks
Recent ICO audits of MATS has identified an area of improvement around the completion and recording of compliance checks of data processors. Many processors will have sent out compliance information in the run up to the GDPR being introduced in May 2018 and we know that most of you have records of these either electronically or in hard copy.
Ensuring that you keep an up to date record of compliance checks for all of your processors is important for your own compliance and accountability, and forms an essential element of your data mapping. It is equally important that this is kept current as you bring on new processors to work with your school.
We can perform compliance checks for you if you need us to and we have also made available a Data Processor Agreement template in Global Documents on the portal if you need to put one in place with a processor. We can also assist you in recording all of your compliance checks in your data map if you provide us with the necessary information. If you are unsure about this, we can discuss it with you at our next visit or please get in touch.
If you have any questions about this, please contact us and we can help!
GDPR in the News
Apple iPhone 11 Pro ‘can override location settings’ – BBC.co.uk
Internet provider faces big GDPR fine for lax call centre checks – BBC.co.uk
Recent GDPR Enforcement Underscores the Need to Verify the Identity of Persons Requesting Data about Themselves – Lexology
Yodel parcel tracking app blabs about other people’s parcels – Naked Security
SchoolPro TLC Ltd (2020)
SchoolPro TLC is not responsible for the content of external websites.