The law on data protection will change on 25 May 2018 when the General Data Protection Regulation comes into force.
Schools will need to take a number of steps to ensure compliance ahead of the May 2018 deadline. As a first step, you should identify the types of personal data held by your organisation and the sorts of data processing carried out on behalf of, for example, pupils and parents, employees, contacts and other members of the public. From this starting point, your school should consider whether such processing is lawful and otherwise carried out in accordance with the requirements of the regulation.
GDPR strategic planning
Failure to comply with the GDPR could lead to significant financial penalties being imposed on your school so it is critical that you review all data protection arrangements at a strategic level.
At Wrigleys we can help your school with the following:
- to understand your obligations under the GDPR including training.
- to design and implement data mapping exercises to identify personal data held by your school and third parties and the processing carried out on your behalf.
- to prepare the documents required to demonstrate compliance with the new legislation, including:
- privacy notices
- data protection policies
- data protection agreements with third parties.
- untangle the knotty issue of consent including when consent to the processing of personal data is required and how it should be obtained.
Contact Wrigleys to discuss how we are helping schools to prepare for GDPR.
Article: "What will the EU’s new data protection regime mean for UK charities?" Peter Parker considers how charities can comply with changes to data protection law (Published by Civil Society in March 2017)