GDPR for Schools

Act now to keep everybody on track with GDPR compliance by booking a ‘soft’ audit day.

Once your audit day is booked, your DPO can structure the day to their own needs. As a minimum, we suggest following a real case scenario Data Protection Advisory Visit Report, which will cover the following:

  • Review the Data Mapping Exercise – The ‘What, Why, Where and How’ of data held.
  • Data retention – Review of school records and safe data destruction. You can save money and free up space for backup whilst fulfilling the requirements of GDPR.
  • ‘Buy in from the Board’ – is GDPR a regular item on the Board agenda?
  • Overview of your policies & documentation – version control
  • Review and update your procedures under GDPR
  • Fair processing – review your privacy notice(s)
  • Data breaches: the data breach action plan/appropriate records – a solid action plan and clear documentation of preventative action can only serve you well in an Ofsted inspection or an ICO investigation.
  • The rights of Data Subjects, including Subject Access Request/Right to be forgotten – how are you dealing with these? What records are you keeping?
  • Processing of data – Lawful basis
  • Removable Media – the school policy
  • Physical security – such as cabinets, drawers and windows
  • Compliance monitoring – spot checks
  • Secure printing
  • Data Processors – the right to audit – documented in contract
  • Review and refresh staff training and awareness with materials and posters – breach reporting and any other training which may be job-specific.
  • Acceptable Use – Staff and Pupils
  • Ask questions
  • Produce an agreed review and action plan for demonstration of your journey towards compliance and ‘basic IT security practice’.

What will your audit consist of?

  • Addressing the main concerns and questions from the DPO
  • .gov annual review of school records and safe data (document). We may suggest a senior visit to carry out the data minimising/create shared drive ready for destruction if required
  • Walk through data protection toolkit for schools
  • Suggest literature/posters/staff training and awareness prompts (ICO recommend refresher for staff every 6 months)
  • Summary of support documents that can be supplied to DPO if requested, plus DPO ‘to do’ list
  • Audit appraisal form/comments
  • Diary a next review date