GDPR – One Year On School Business Managers Forum 4 July 2019 Hilary Smith, Head of Strategy, Policy & Governance Sean O’Regan, Data Protection & Freedom of Information Officer

Does your school have; A Data Protection Officer? (Internal or third party?) A privacy notice in place? An Information Asset Register? GDPR compliant policies? Data processing agreements with third party processors? Information Sharing Agreements with third party Controllers in common? Data Protection Impact Assessment procedures? Impacts on every UK organisation that processes personal data of EU residents Brexit won’t change a thing – Law comes into force whilst UK is still a member state. HOW EASY IS IT TO FIND THE NAME OF YOUR DPO AND YOUR PRIVACY NOTICE? WHO HAS COMPLETED A DPIA? IF NOT, WHO HAS IMPLEMENTED A PROJECT WHICH INVOLVES PROCESSING DATA ABOUT INDIVIDUAL(S) – COULD BE LISTS, VIDEO, PHOTO, etc.

Data Protection Officers Are you happy with current arrangements? Satisfied with DPO services from any third party providers? Satisfied that internally appointed DPOs can perform the role to required standard? Resourcing issues – is data protection creating strain? New elements & significant enhancements Rights: Right to be informed Right to access Right to rectification Right to erasure Right to restrict processing Right to Data portability Right to Object Right to Not to be subject to automated decision making including profiling.

HLT resources available online (free) HLT resources available at https://www.hackneyservicesforschools.co.uk/extranet/gdpr Template documents and guidance notes on key compliance activities

Questions? Do you feel supported when data protection matters arise? Would schools like the option of a traded Data Protection Officer service from HLT? Would you benefit from a dedicated advice/guidance helpline?