What is it? And why should I know about it?
The General Data Protection Regulation (GDPR) is a new set of European Union regulations designed to protect the personal data of EU citizens.
In the UK, the new regulations will replace the Data Protection Act 1998, effectively updating data protection arrangements formed before the rapid expansion of digital technology.
GDPR has far-reaching implications for all organisations handling personal data. Organisations have two years to become compliant with the regulations, ending 25th May 2018.
GDPR will apply to all ‘public bodies and authorities’, the definition of which is likely to be that used for Freedom of Information purposes. This includes local authorities, universities, publicly funded museums, state schools and NHS trusts.
GDPR allows any European protection authority (like the Information Commissioner’s Office, the ICO, in the UK) to take action against organisations, regardless of where they are based. And enforcement is backed by fines of up to €20m or 4% of group annual global turnover.
From this, you can see that you should start preparing now.
- Is your school prepared?
- Do you have updated, GDPR-compliant, policies?
- Are you sure that your parents and pupils are giving consent to use their data under the new law?
- Are you aware of the new timeframes to which you have to work, some as short as 72 hours?
Let us help you
The DAISI Service, which is part of Nottingham City Council, has created the GDPR Toolkit. It contains all the essentials for an operational approach to GDPR, enabling your school to show tangible evidence of its GDPR compliance. It has been designed for schools such as yours, for use by:
- Head Teachers,
- Business Managers,
- School Governors,
- other key personnel, and
- anyone involved in reviewing, developing and enforcing the school’s policy and operational response to GDPR 2018 and the Data Protection Act 2018.
The Toolkit contains resources and information to help support your school, including:
- policy document templates covering essential areas of compliance,
- tools for conducting an Information Audit and for structuring the results in a way that drives the school’s ongoing observance of GDPR,
- guidance on the Toolkit resources, and
- training on GDPR, its requirements and how to meet them.
Under GDPR the key data protection principles remain basically the same. However, the organisational energy required to adhere to these principles will be significantly increased. Lawful data processing will become harder and individuals will have more rights over their data and more ways of challenging its processing. GDPR introduces a new principle of ‘accountability’.
Policy Document Templates
As part of the GDPR Toolkit, you will receive the following Policy Document Templates in Word format:
- Acceptable Use Policy,
- Data Protection Policy,
- Email Policy,
- Freedom of Information Policy,
- Incidents and Breaches Policy,
- Mobile Computing Policy,
- Records Management and Retention Policy.
It also includes the following supporting documents:
- Data Protection Impact Assessment Tool (DPIA),
- Information Asset Register,
- Information Audit Data Mapping Tool,
- Privacy Notice (PN), including a Sample Privacy Notice for Primary Schools, and
- Retention Schedule.
In addition to the policies, you will also have access to an exclusive Udemy video course, with videos that detail the rationale behind each of these policies and how to adapt them to suit your needs.
It also contains our November 2017 Data Protection update “Preparing for the General Data Protection Regulation”.
- Learn about the 12 steps to take now.
- Find out the rationale behind the updated policies.
- Find out how consent is changing, and what you will no longer be able to do.
To purchase your GDPR Toolkit please click here. Each toolkit is priced at £350 and you only need one per school.
Part of an MAT? Then the price is £350 for the first school, and £99 per additional school.