The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The GDPR places more liability on data controllers to ensure appropriate security of their data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
Like all organisations, schools, colleges and universities are responsible for complying with changes to the Data Protection Act with the introduction of GDPR. Schools and colleges can be fined up to £500k for breaching the Data Protection Act. In addition to increased penalties for data breaches, schools also need to be able to react to Subject Access Requests from their students – if a student requests to have access to the information that is held about them, like all organisations, schools must be able to respond to this request as individuals now have ‘the right to be forgotten’.
One way in which organisation can increase their responsiveness to their customers is to implement an information management system whereby all data is mapped out, indexed, catalogued and stored via a web portal which schools can access and manage online.
Topwood’s dedicated document storage would provide: