With the deadline to implement the General Data Protection Regulation (GDPR) coming closer, it is important that you put strict procedures in place to ensure all your data is protected. This is important for both the data you share with your suppliers and the data you process in the office.
To help you do this, we have put together a list of things to check with your suppliers and the school office.
To ensure that your suppliers are protecting your data, your Data Controller must ask companies they share data with the following questions:
All these answers must be in writing and cannot be confirmed verbally.
In the case of third-party processors, the Data Controller from the school or academy is responsible for compliance and will decide what data is shared. However, both parties will need to keep a record of the processing/activity policy.
Processors will need to receive a contract and terms and conditions with the controller before any invoice can be sent. If the data controller leaves the supplier, both parties are then responsible for the deletion of any data, and each must confirm to the other when this has taken place.
If you need to know more about the basics of GDPR for schools, click here to read our previous blog post.
Another way to ensure all your data is protected is by having the proper security procedures in place for your office. For this, you should ask yourself the following questions:
If you see any of these security measures being breached, you must report it as soon as possible.
GDPR will introduce a strict 72-hour time period for all security breaches to be reported to the ICO, and this period also includes weekends and bank holidays. If you do not report within it, you could face serious consequences.
We hope this has helped clear the air about GDPR, even if it is just a little. However, if you’re still confused and feel like you need more help, we can offer you just that.
On 7th March, we are holding a GDPR training session where our guest trainer, Stuart Abrahams from Think IT, will talk through everything schools will need to know concerning GDPR, showing practical scenarios that apply to the education sector, and third parties that will be able to make becoming compliant much easier.
Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. You may not rely on this as legal advice.