Are there security gaps lurking in your college

The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The GDPR places more liability on data controllers to ensure appropriate security of their data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

Like all organisations, schools, colleges and universities are responsible for complying with changes to the Data Protection Act with the introduction of GDPR. Schools and colleges can be fined up to £500k for breaching the Data Protection Act. In addition to increased penalties for data breaches, schools also need to be able to react to Subject Access Requests from their students – if a student requests to have access to the information that is held about them, like all organisations, schools must be able to respond to this request as individuals now have ‘the right to be forgotten’.

One way in which organisation can increase their responsiveness to their customers is to implement an information management system whereby all data is mapped out, indexed, catalogued and stored via a web portal which schools can access and manage online.

Topwood’s dedicated document storage would provide:

Barcoding, indexing, cataloguing (by contents and destroy dates) and categorising (by cost centre or department for example) for boxes/files
Transfer the boxes to secure storage to BS5454.
Provide an inventory of all the stored material via secure web portal which will allow users to manage on-line.
Pick and deliver, either deliver same-day, next day or scan for users to download electronically.
Destroy material from storage once it reaches the end of its intended retention period.

document storage

The holidays are when business managers in schools and colleges need to be aware of the heightened risk of a data breach. Reduced staff cover, increased home working, a more relaxed atmosphere on-site and the increased use of maintenance contractors coming into contact with confidential information are all likely to increase the risks of a data breach.

A data security risk assessment in schools would be considered due diligence that preventative measures were in place.

Assess your own security in your college with our information security risk assessment – click the icon below:

Click to download the self assessment

Related Articles:

Why are office shredders risky?

How secure is your paper recycling process?

Why shred size does matter