Archive | Data RSS feed for this section

Preparing to implement the General Data Protection Regulations

31 Dec

In Governors’ Agenda, Issue 67 – the summer term issue – we alerted you to the implications of the General Data Protection Regulations that were to come into effect on 25 May 2018.  If your governing board has not begun to address the issue, it is high time that members begin to act.

While it isn’t the function of governors to appoint a Data Protection Officer (DPO), as this is an operational matter, they should offer support and scrutiny on her/his appointment.  It is the role of the Headteacher to propose how best to appoint such a person and then take the necessary action to find a suitable person to discharge the functions of securing the data held at the school/academy.

Some schools/academies have decided to use consultancy rather than make DPO appointments.  If that is what your headteacher is proposing to do, governors should closely question her/him about the rationale and criteria for the choice.

Where the headteacher proposes to appoint an existing staff member to undertake the preparatory work, governors should ensure that this person is suitably qualified to do the job and has the time for it.

The governors should appoint one of their members to oversee the work being done in the area of data protection – for want of a better term, “a data protection champion”, who can, when formally visiting the school/academy in the course of the normal school day satisfy herself/himself that the work is being done well.

Data protection should be an item on the agenda of at least one governors’ meeting in the run-up to 25 May 2018.

Continue reading

Assessing Assessments

18 Apr

Assessments in English schools are in a state of flux. There appears to be little likelihood that the government will be bring about a measure of clarity any time soon.   What exactly is happening?

Continue reading

Data Protection law to be strengthened in 2018: Impact on Schools

18 Apr

Complying with the requirements of the Data Protection Act (DPA) 1998 is daunting.   A problem area is managing sensitive personal data.  Data on ethnicity, religion, union membership, medical information, special educational needs and disability (SEND) status, looked-after children, assistance or bursary recipients and sexual orientation are classed as sensitive. A school must have an operational need and/or explicit consent to process this data otherwise it is in contravention to the DPA.  Only people who need to use sensitive data for professional purposes can access it.  Consequently, such data should be accessed only with a password.

A separate taxing issue is making available all the data the school holds on a person to that person when s/he requests it and do so within one month of the request – part of the Freedom for Information (FoI) Act 2000.

Non-compliance has not led to much trouble so far.  In the second half of 2016, only 40 data security incidents – vis-à-vis the education sector in England – were reported to the Information Commissioner’s Office (ICO).  However, very few school staff members are trained in how to comply with the DPA.  They will now need to be (trained) because the present system of managing data will change with the General Protection Data Regulations (GPDR) coming into force on 25 May 2018. This is a part of the European law which will take effect despite Brexit.

Continue reading