Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data protection in the Education Sector - understanding the impact of GDPR Tuesday 23rd January 2018.

Published byBlanche Salomé Cormier Modified over 5 years ago

Similar presentations

Presentation on theme: "Data protection in the Education Sector - understanding the impact of GDPR Tuesday 23rd January 2018."— Presentation transcript:

1 Data protection in the Education Sector - understanding the impact of GDPR
Tuesday 23rd January 2018

2 Agenda Data Protection Law is changing – why is this? Three Key Principles you must know…. Preparing to be a compliant organisation – key steps Appointing a Data Protection Officer Your people and their role in assuring compliance Governance considerations – how to demonstrate you take data protection seriously

3 Data Protection Law is changing – why is this?
Legislation should ideally be uniform across Europe; The extent to which personal data is captured and used has grown dramatically over the past decade; Real harm can occur if personal data is misused or is not kept in up to date form; Data breach reporting and penalties for data breaches will benefit from being uniform.

4 Three Key Principles you must know….
Understanding when you are a data controller (and the responsibilities this brings); Understanding what is meant by processing data (and how to ensure you have compliant relationships with third parties who do the processing for you); Understanding the legal basis upon which you are entitled to store and process data (and being transparent in your relationship with the data subject).

5 Ability to work with personal data is not always based on consent
There are times when you should not rely on consent!; Avoid relying on consent where possible as operating on a consent basis has become more complicated; The basis upon which you process data may be:- Consent; Legitimate interest; Performing a function in the public interest; To protect the vital interests of the data subject.

6 Preparing to be a compliant organisation
Appointing a Data Protection Officer Your people and their role in assuring compliance Governance considerations – how to demonstrate you take data protection seriously

7 Appointing a Data Protection Officer
All organisations in the public sector must appoint a Data Protection Officer; The role can be outsourced but this approach is likely to leave considerable risk with the organization; The DPO must be free from conflict of interest. Conflict is regarded as leading to the exclusion of:- The Chief Executive/Executive Principal Director of Finance Head of Technology The DPO must have reporting access directly to the Board/Governing Body.

8 Your people and their role in assuring compliance
Staff behaviour is a vital element of compliance The process of accessing personal data is regulated – data looked at must be reviewed for a legitimate reason

9 Develop a clear reporting regime for the DPO directly to the Board
Governance considerations – how to demonstrate you take data protection seriously Ownership of oversight/monitoring and management of compliance is with the Data Protection Officer How good is your Board/Governing Body understanding of Data Protection issues – are there any experts within the group? Develop a clear reporting regime for the DPO directly to the Board Integrate data protection training into your induction and providing easy access to refresher/updated training (online products are likely to become available) Make sure there is genuine challenge from the Board! Ensure that the DPO is fully supported in his/her role.

10 Are you ready to develop an action plan?
Some excellent resources on the ICO website; Guidance should be forthcoming from DfE (scope and timing is unclear); Do find a way of ensuring access to professional advice; Explore collaboration with other schools to achieve cost sharing for activities involved; Start an audit of personal data held; Ensure there is a Board/Governing Body briefing this term!; Make your decision on the Data Protection Officer appointment and (for MATs leads at each school); Start to raise awareness within the School; Make sure your privacy policies are updated. Keep in close touch with developments and spend time understanding good practice!

11 Your Questions

12 Your speaker Frank Suttie Partner | Commercial E: T:

Download ppt "Data protection in the Education Sector - understanding the impact of GDPR Tuesday 23rd January 2018."

Similar presentations

Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
Buying Better Outcomes Workshop 4 Equalities and Contract Management If you do not take it seriously, why should the supplier?

Buying Better Outcomes Workshop 4 Equalities and Contract Management If you do not take it seriously, why should the supplier?
Challenge Questions What outcomes have we achieved?

Challenge Questions What outcomes have we achieved?
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
European Data Protection reform: preparing for the future Richard Syers - Strategic Liaison, ICO 12 September 2014.

European Data Protection reform: preparing for the future Richard Syers - Strategic Liaison, ICO 12 September 2014.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Now that you’re registered Matt Crichton | Communications Officer Anne Duffy | Advice Services Officer Amanda Watkins I Senior Manager, Compliance Regina.

Now that you’re registered Matt Crichton | Communications Officer Anne Duffy | Advice Services Officer Amanda Watkins I Senior Manager, Compliance Regina.
Information Governance Support Information Governance Services

Information Governance Support Information Governance Services
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Data Protection Regulation

Data Protection Regulation
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Tony Sheppard Mobile Guardian

Tony Sheppard Mobile Guardian
Overview of Structure General Data Protection Regulation (GDPR)

Overview of Structure General Data Protection Regulation (GDPR)
Providing assurance on risk management and controls

Providing assurance on risk management and controls
Overview General Data Protection Regulation (GDPR)

Overview General Data Protection Regulation (GDPR)
Microsoft 365 Get help with regulatory compliance

Microsoft 365 Get help with regulatory compliance
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
Information Destruction; 2017 and beyond!

Information Destruction; 2017 and beyond!
GDPR Awareness and Training Workshop

GDPR Awareness and Training Workshop
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know

Similar presentations

Ads by Google