A school’s biggest risks to GDPR compliance?
Your partners or online services you use (e.g. cloud services, management systems)
As an educational institution holding data for children and parents you were probably well ahead of the curve on ensuring the safety of their data before GDPR was announced.
You may have tightened up any and all aspects of your organisation internally prior to the upcoming 25th May 2018 deadline but you could find all your hard work undone if you fail to ensure the services and partners you use are also compliant.
It is your responsibility to ensure the services you use or share data with are themselves compliant with the regulations and failure to do so may make you culpable in cases where there is a data breach - even should it occur on the part of your partner company/service.
Consent
You may need to reach out to your parents and/or students to ensure you have the legal right of consent to share their data with your partners, even those you are already engaged with.
Article 28, para. 2 of the GDPR states “The processor (in this case you) shall not engage another processor (a partner company or service) without prior specific or general written authorisation of the controller (in the case of children, their parents or legal guardian).”
What you should be doing
Reach out to your partners and service providers for proof of their compliance and/or request they fill out a data audit template. Check whether you have the correct form of consent from parents to share data e.g. names, postcodes with your service providers and ask for proof as to why these details are required – e.g. log-in security or providing the service.
CoachHire.com have been working closely with our customers to ensure we have the processes, procedures and protections in place to safeguard your data at a level that exceeds that required by GDPR. These include setting up secure, encrypted transfers of data, external audits, staff training courses and ensuring processing of data is in line with regulations.
We have a wealth of expertise to share including free resources and data audit templates that you can use to ensure your other partners are compliant and survey and consent forms you can reuse to ensure consent is informed and freely given by parents and students.
Our experts are at the ISBA 2018 Conference in Brighton from 9th - 10th May on Stand 72 to field your questions - or you can email us on [email protected]
