The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The GDPR places more liability on data controllers to ensure appropriate security of their data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
Like all organisations, schools, colleges and universities are responsible for complying with changes to the Data Protection Act with the introduction of GDPR. Schools and colleges can be fined up to £500k for breaching the Data Protection Act. In addition to increased penalties for data breaches, schools also need to be able to react to Subject Access Requests from their students: if a student requests access to the information that is held about them, schools, like all organisations, must be able to respond to this request, as individuals now have ‘the right to be forgotten’.
One way in which organisations can increase their responsiveness to their customers is to implement an information management system whereby all data is mapped out, indexed, catalogued and stored via a web portal which schools can access and manage online.
Topwood’s dedicated document storage would provide:
The holidays are when business managers in schools and colleges need to be aware of the heightened risk of a data breach. Reduced staff cover, increased home working, a more relaxed atmosphere on-site and the increased use of maintenance contractors coming into contact with confidential information are all likely to increase the risks of a data breach.
A data security risk assessment in schools would be considered due diligence, showing that preventative measures were in place.