How Will GDPR Affect the Education Sector?
Ability to Prove Compliance
Organisations within the education sector are typically in a better position to comply with GDPR than many other private companies. This is because they usually have an existing data protection policy in place which is adequately robust. However, under the GDPR, compliance alone is not enough. Organisations will have to prove that they are compliant by undertaking a number of accountability measures.
Accountability measures include Privacy Impact Assessments, Data Protection Audits and pseudonymisation.
Increased Accountability of Personal Data
Education providers already have to be accountable for the data that they store, since it often falls into ‘special categories of data’ such as religion and ethnicity. However, under the GDPR, higher penalties will be in place for non-compliance, meaning that the importance of being accountable is increased. The education sector is one that is likely to hold the largest amount of personal data, so in order to become GDPR compliant, schools should identify and review all the data they hold against these questions:
Within the education sector, there is a wide variety of platforms on which data is stored, and schools must cover all of them to ensure compliance. This can include data stored in curriculum tools, payment systems, core management systems, virtual learning environments and safeguarding systems. Under the GDPR, attention is also paid to the storage of biometric data, so it is important that schools don’t forget to review any information they may have on identity management systems.
Some areas of risk that may be overlooked include software that is not on the SLT's radar, such as tools holding subject-specific data, or data which is held within apps used by teachers during lessons. With the recent development of a variety of apps for education, many teachers make use of them without the school being informed. Once GDPR is in effect in May, the school must ensure that any apps being used are compliant, so that the school itself remains compliant.
We wish to emphasise that Arden Group is a Managed Service Provider and not a legal firm. That means that the views put forward on this page are not necessarily shared by lawyers or courts.
Arden Group, therefore, does not guarantee that all information is factual and interpreted correctly. If you wish to ensure your advice or your company is legally covered by GDPR, consider seeking legal or specialist advice.