Happy summer holidays from all of us here at SchoolPro TLC! We know that many of you have already started the summer break with the remaining few schools just a day or so to go. We hope you have the opportunity to take a break over the next few weeks, get some rest and recharge the batteries!
If you do need us for anything over the summer break, there will always be someone around to assist you. Our DPO@schoolpro.uk email address will be monitored throughout the next 6 weeks or so and we will get back to you as soon as we can if you email that address.
Here is a summary of the latest updates and alerts for your organisation. It is a bumper edition to cover the summer!
Important Alerts and Urgent Updates
- New SAR Guidance – The ICO has issued new guidance on SARs emphasising that ‘It’s Important not to get caught out’. We have already circulated our own summary and guidance of this which provides a useful overview of this topic.
- The Children’s code and EdTech products – the ICO updated its guidance at the end of May regarding this topic. One of the key implications of the code is that a DPIA must be completed if the EdTech provider falls under the scope of the code. This guidance explains when that is likely to happen.
- The ICO has also published its research into the Children’s Code including what has been learned through the process of developing and implementing the code, as well as the emerging evidence of its impact.
- Privacy Notices – the DfE updated its privacy notice model documents. The changes are minor but we will be updating our own templates to match over the summer.
- The ICO offers lessons for organisations to avoid formal reprimands.
- The DfE released the Government policy on information sharing and the use of a consistent child identifier.
- The ICO has published its response to the Data Protection and Digital Information (No 2) Bill. We have created a summary of this response which you can access here.
- The DfE have updated their guidance on how schools can share daily attendance data and access attendance reports by updating the data protection information in the privacy notice in ‘How this data will be used’. There has also been an update in the section ‘What data we need’. It has been changed from ‘The data will be refreshed for codes changed within 7 days of registration’ to ‘The data will be refreshed for any codes you change after you start sharing data’.
- Linked to the above, the DFE has also published guidance on how to use the view your education data service to access the monitor your school attendance tool.
- The DfE have updated guidance for how educational and childcare settings should plan for and deal with emergencies, including significant public health incidents and severe weather.
General Data Protection Updates
- As the UK Government considers data protection reform, Parliament heard assurances on GDPR adequacy from the ICO.
- The EU and US have agreed a new data transfer mechanism to replace the Privacy Shield. The European Commission have provided this useful Q&A about the agreement. We wait to see if this might have any impact on UK-US data sharing…
- Thankfully, we have seen relatively few compensation claims on the basis of data breaches but some good news on that front as the Court of Justice of the European Union recently stated that “mere infringement of the GDPR does not give rise to a right to compensation.” We’re hoping that the UK takes the same approach.
- The Court of Justice of the European Union has also clarified that regarding Subject Access Requests, requesting a ‘copy’ of personal data means that the data subject must be given a faithful and intelligible reproduction of all those data.
- We often talk in training about how the future will be without passwords and Google are taking another step towards that with the introduction of ‘passkeys’.
- The DfE has published a revision to non-statutory advice to support practitioners in the duties and decisions they take to share information.
- The DfE is also seeking views on their revisions to the Working Together to Safeguard Children statutory guidance.
- The DfE have updated their guidance on how to apply for access to personal data from DfE and its executive agencies and also their information on how the Department for Education (DfE) and its executive agencies share personal data.
Latest SchoolPro TLC Information
- A reminder this month on the importance of staff training. Staff should be trained on data protection as part of their induction and then refreshed at least every 2 years if not annually (which would be best practice).
- One of our Gloucester infant schools, Dinglewell, is seeking support for a short period of time (6-12 months) to cover governor clerking duties. If anyone can any assist, please contact Ian on firstname.lastname@example.org.
- We’ve recently added the following document to the portal in Global Documents:
- DPIA for sharing data with SaLT providers – ‘DPIAs’ folder
- We’ve also added new data categories to the data mapping tool in order to make it even more comprehensive than it was before. The categories that have been added are as follows:
- Pupils – Class codes & subjects; court orders; learning journey evidence; medical practice contact information; professionals’ reports & referrals; reports; SEBD/SEMH; and, surveys.
- Staff – characteristics: ethnicity, language etc; disciplinary or grievance information; identification passport/DVLA; pension; performance; salary; trade union membership; and, UK right to work.
- Parents – Communications; financial payment or debit; FSM evidence; surveys; and, court orders.
- This month, we are pleased to inform you that we have organised a complimentary advisory session in partnership with Peninsula UK for our clients who may be facing challenges or have issues regarding HR, employment law, and health and safety matters. Get Complimentary Advice From The Market Leading HR and H&S Provider.
SchoolPro TLC Ltd (2023)
SchoolPro TLC guidance does not constitute legal advice.
SchoolPro TLC is not responsible for the content of external websites.