Tony Sheppard Mobile Guardian

Presentation transcript:

Tony Sheppard Mobile Guardian GDPR and Schools www.mobileguardian.com

How the west was won Ray Mears : cc https://blog. raymears

“We all need to keep our foot firmly on the gas in the coming months to ensure that we are ready.” Jonathan Bamford, ICO, Westminster e-forum

This Town needs a sheriff CC BY 2.0 https://flic.kr/p/fj3xgz

What does it change?
Storing; Processing; Sharing; Consent; Remove and forget
Reporting data breaches now mandatory
Fines have increased drastically
Must be sure you use 3rd parties which are GDPR compliant
Must appoint or share a Data Protection Officer (DPO)

Getting Advice
A lot of advice to sift through
Very business orientated
Discussions on technology, strategy, operation and accountability often not joined up
Language is often not Public Sector relevant or is too full of jargon

Getting Advice
ICO - https://ico.org.uk/for-organisations/data-protection-reform/
https://www.peerlyst.com/posts/the-gdpr-wiki-nicole-lamoureux
https://www.itgovernance.co.uk/
http://gdpr.school/

The 12 steps in preparing for GDPR
Awareness
Children
Information you hold
Data Breaches
Communicating privacy information
Data Protection by design and Data Protection Impact Assessments
Individual’s rights
Data Protection Officers
Subject access requests
International
Legal basis for processing data
Consent

Awareness
It is important that decision makers and key people in school are aware that the data protection law is changing to GDPR on 25th May 2018. This will include the head teacher or principal, governors or trustees and senior members of the administration team. They need to appreciate the impact GDPR will have within school.

Information you hold
Document and consider all personal data that is used and stored. This will include data for students, all staff, parents, suppliers, governors or trustees, regular service staff and consultants. If any records are made of individual names or other details, the process you use should be included. You may need to organise an information audit.

Communicating Privacy Information
Review current privacy notices and make any necessary changes in time for GDPR implementation. Please visit Department of Education where it is hoped the examples provided will be updated. Also review the ICO’s Privacy Notices Code of Practice.

Individual’s Rights
Check procedures to ensure they cover all individuals’ rights, including how to delete personal data. Remember much data in school will be regarded as stored under the public interest umbrella (6(1)(e)). Know how to provide data electronically in a commonly used format.

Individual’s Rights
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.

Subject Access Requests
Update procedures and plan how to handle requests within the new timescales for information stored on an individual. Remember there must be no charge.

Legal basis for processing data
Most data processed in schools will come under the public interest umbrella (6(1)(e)). Identify which does not and document it. This is data which is lawfully processed and which is necessary to allow the school to function.
Know what you have
Know why you have it
Know what you are doing with it
Know who is doing things with it

Consent
For data that is NOT processed under the public interest umbrella (6(1)(e)) carry out a review of how consent is sought, obtained and recorded. Check existing records to see whether new consent should be sought.

Children
Schools already have systems in place to verify individuals’ ages. As standard, they gather parental or guardian consent for the data processing activity. Continue these processes. Identify any system where a student enters their name or other details online. Processes should be put in place when a student reaches 16. At this point school cannot share data with parents automatically without the student’s permission.

Data Breaches
It is essential that the correct procedures are in place to detect, report and investigate a personal data breach. Familiarise all staff with these procedures. It is mandatory under GDPR that all data breaches are reported.

Data Protection by design and Data Protection Impact Assessments
Become familiar with the ICO guidance on Privacy Impact Assessments (PIA). If, and when, new projects or processes are implemented use the PIA approach to assess risk and impact across the individuals affected. Talk to your suppliers about their approach to GDPR and how their product is compliant / will help you with compliance.

Data Protection Officers
Schools are classed as a public authority and therefore MUST designate a Data Protection Officer to take responsibility for data protection compliance. It is important to assess where this role will sit within the school’s structure and governance arrangements. A school may share a DPO with other schools unless it is very large. However, remember that the school itself, not the DPO, is still responsible and liable for complying with GDPR.

International
If the school operates internationally, determine which data protection supervisory authority applies to you.

The 12 steps in preparing for GDPR
Awareness
Children
Information you hold
Data Breaches
Communicating privacy information
Data Protection by design and Data Protection Impact Assessments
Individual’s rights
Data Protection Officers
Subject access requests
International
Legal basis for processing data
Consent

Next steps
Ensure someone takes ownership ASAP
Keep Calm and Plan
Communicate in plain English
Audit and ensure you justify what is going on
Talk with your suppliers
Ensure that you keep an eye out for further guidance and advice.