Data Protection Day 2024

Written on 25 January, 2024

5 things your school can do TODAY to improve data protection compliance.

The Data Protection for Schools team within The Education Data Hub offer a suite of services designed to support schools in complying with their obligations under UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Our services are delivered by experienced and specially trained information governance specialists, recruited specifically for their experience in data protection and their understanding of the education sector.

We’d like to use this Data Protection Day as an opportunity to remind schools of the importance of keeping up their data protection compliance journey.

School life is extremely fast-paced, busy and pressured. Sometimes schools do not have the time or staff to complete everything that needs to be done, however all schools have important data protection obligations.

A school’s data protection compliance journey has got to start somewhere, and these are the first 5 things you can do:

1. Check your ICO registration is up to date and includes the correct contact details.

All organisations who process personal information are required to pay a data protection fee to the Information Commissioners Office. This fee must be renewed annually.

You can find out more information about checking, editing and renewing your ICO registration by clicking here.

2. Contact your Data Protection Officer.

Schools have a statutory obligation to have a data protection officer (DPO), please make sure your school has a DPO and you know how to get in touch with them.

The role of the DPO is to assist the school in monitoring their compliance by informing and advising you on your data protection obligations. Whether your DPO is internal or external, make sure you are giving them the information they need to be able to support you.

3. Check your training records.

The ICO require organisations to have an all-staff data protection and information governance training programme and that you keep records of your staff completing this training.

You should keep records of who has had training and make sure you follow up with any staff members who have not completed training recently. Staff who have additional data protection obligations within the school will require an enhanced level of data protection training.

If you find yourself in the unfortunate position of having to report a data breach to the ICO, you will be asked to confirm whether that staff have had data protection training within the last 2 years.

4. Change your passwords and encourage your staff members to do the same.

Schools are storing more and more information online, on a variety of platforms such as management information systems, communication applications and behaviour logs. It is important to make sure staff have different passwords for different services and use secure password methods such as the National Cyber Security Centres three random words approach.

The ICO do not recommend changing passwords regularly. As a general rule, they recommend you get users to create a strong initial password and then only change them if there are pressing reasons, such as breach of your systems resulting in passwords being compromised.

Why not use Data Protection Day as an opportunity to remind staff that they should be creating strong passwords to help ensure data is adequately protected.

5. Check your privacy notice

Providing accessible information to individuals about their use of their personal data is a key element of their legal right to transparency as per the UK GDPR. Have a look on your website for your privacy notice and check when it was last reviewed.

Have your school changed the way they process data since that review date? For example, have the school signed up to new EdTech providers, or started using Cloud storage? If yes, you will need to put time aside to update your privacy notice, to clearly explain how you process personal data.

If you require any assistance or advice on the above, or any other data protection needs, please don’t hesitate to get in touch with us at [email protected].

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.