Data Privacy Day – a School’s Reflections
This year, for Data Privacy Day, we’ve been reflecting on the journey that our school clients have taken to improve their data protection compliance. We interviewed one of our clients for their reflections on the changes they’ve made to their data protection practice since working with our service.
Q1) Does data protection matter to you? If so, what is it that makes you think this?
Yes, Data protection absolutely does matter. There are guidelines and legalities that apply to all of us, rightly so, and it is our duty to follow, protect and respond to these. Annual training, GDPR updates and getting into good ‘habits’ reminds me on a daily basis why these matter. Data protection can sometimes seem a minefield, however, it is an area where I feel brilliantly supported by the GDPR team so that makes it feel less frightening and more rewarding.
Q2) How do you keep data protection ‘alive’ in your school?
Annual training as well as regular mentions in staff meetings, staff emails and additional training. It is part of the ‘ethos’ of the school. Staff are aware of data breaches and always bring them to me. These are then mentioned in staff meetings as ‘reminders’ to be vigilant.
Q3) Do you feel you have a positive data protection culture where staff are confident and engaged?
I feel like we have a positive culture in school. I make it very clear that as Headteacher I have over-arching responsibility for much of data protection. As a school we encourage an open and positive culture and communicate well together. Staff are aware that they can speak out on breaches without feeling like they are ‘telling’ on each other. I will always mention if I make any data breaches so that staff know that we are ‘in it together’.
Q4) What is it like working with an external Data Protection Officer? What is it like working with the Education Data Hub Team?
I cannot speak highly enough of the support we get from our Data Protection Officer and Education Data Hub team. Responses to queries are always timely and detailed and a phone call is made if something needs to be spoken about in more detail. Information is always clear and concise.
Q5) What is the most important data protection lesson you have learned in recent years? What do you do differently as a result?
We think much more about how we present names / information regarding children, particularly as we have an increasing number of vulnerable children in school. School reports are always collected rather than handed out, displays are not named, and we double check permissions for naming children outside of school with parents etc.
Q6) What would your advice be to other schools regarding data protection?
Don’t go it alone. Develop a positive culture in school around data protection – encourage staff to be curious but don’t frighten them. Encourage open and honest lines of communication.
Above all, if in doubt – ask! Use the highly skilled individuals in the team and your data protection officer to ask for help – I do it all the time! We can’t expect to be experts ourselves so ask the experts instead!
Many thanks to Catherine Robinson at Stonelow Junior School for taking part in this interview.