How GDPR compliant is your school?

The introduction of the General Data Protection Regulation (GDPR) in May 2018 came with new challenges for schools and academies, particularly in relation to data storage and policy development. Schools must put in place internal processes to demonstrate accountability and compliance with the regulation. The regulation is now known as the UK GDPR, and schools must consider their data protection obligations set out in the Data Protection Act 2018.

All schools are required to appoint a Data Protection Officer (DPO) to take responsibility for data protection compliance within the school or academy.

To help you implement and manage the challenging GDPR changes, Coventry Council’s Legal Services has created a Data Protection Officer Service to ensure that your DPO responsibilities are catered for by a data protection specialist working within our legal team.

The DPO will:

  • Continue to raise awareness of the UK GDPR within schools and provide specific training to staff at the necessary level for their role
  • Supply guidance and support on identifying the personal data used and stored by schools, including advice on incorporating systems for privacy by design and records management
  • Provide standard policies and procedures relating to data protection policies, privacy notices and guidance for personal data requests and breaches
  • Conduct an annual school audit to review compliance and produce a report detailing any recommendations
  • Provide template Data Protection Impact Assessments and individual advice where these are necessary
  • Be the school’s first point of contact for the Information Commissioner (ICO) and for data subjects (employees, contractors, parents and pupils) including the notification of any data breaches
  • Supply standard wording for the written agreements required with any person or company processing school data
  • Provide individual advice and draft correspondence for a school in relation to subject access requests, data breaches and any other data protection matters at the request of the school
  • Provide regular focus group meetings to discuss best practices and hints and tips for compliance, as well as frequent reports on legislation and technology as these evolve
  • When required, communicate with data subjects and parents
  • Review internal detection, reporting and investigation procedures for personal data breaches to avoid administrative fines of up to €20m

If you would like to find out more about the service, please contact syeda.ahmed@coventry.gov.uk.