On May 25th, The European Union is introducing the General Data Protection Regulation (GDPR) and every individual within the education sector is likely to be affected by these data changes. For schools that handle personal data on a regular basis, it’s important to understand how the GDPR will shake things up.
The current Data Protection Act has been active since 1995, so the GDPR is a much needed refresher on protecting our data, particularly as technology has drastically evolved since the 90s. Data can be collected many ways online, which is concerning considering how much of our information is shared online.
If you’re in the education sector, you need to be aware of the new changes and what they could mean for your school.
What the GDPR means for your school:
As schools handle a large amount of personal data, such as information about students, grades, medical history, images and more, they’re subject to tighter control when the GDPR comes into play on the 25th.
Proof of Consent
A lot of the data that schools collect falls under a legal basis, which means that anything that falls into this category will not need to be given specific consent by students or their parents. Anything that falls outside of this category, however, will need explicit consent by students (over the age of 13) or their parents. Schools must be particularly careful when sharing data with third parties.
Proving Compliance
Hopefully your school already has a quite robust data protection policy in place, which means that you’re in a good position to comply with the GDPR.
Under the new legislation, your school may need to introduce tighter record keeping and mapping where the data is processed – whether it’s done internally or by a third party. In order to prove compliance, schools will need to document every system that processes personal data.
Accountability for Personal Data
Schools will need to do somewhat of an audit on their data, ensuring what is on file is up-to-date, not kept there for too long, and processed in a safe and secure manner.
What you can do:
Your school is probably already well-equipped to handle personal data, but as the legislation becomes tougher, there are a few ways you can prepare:
- Figure out what aspects of the new legislation your school is not already following, and work to address them.
- Find out where your data is stored, how long it’s kept, where it goes and how it’s used. Making a list of these should uncover any warning bells.
- Check that the software you use is also GDPR compliant, including all apps.
We’ve got your back – data privacy and data security are built into Schoolbox learning management system and community portal software. We will always work to protect your data and make sure it is secure.
Our policy ensures that we never give access to any private information without appropriate authority and permissions, and only provide access to trusted third parties. This keeps our system free from vulnerabilities, assuring we only store and display the data required to deliver our features.
Does This Affect Australian Schools?
As you may be aware, Australia also changed up its privacy legislation laws earlier this year. For our Australian customers, we’ve updated our privacy policy to reflect these new changes.
For further information, get in touch with us today.
Speak soon,
The Schoolbox team