Data Protection as it is now
o What Laws cover this? (DPA, CMA, PECR)
o Offences
o Penalties

The new GDPR – what is it and when does it apply?
o When passed
o When enforced
o Brexit?

What’s new in the GDPR?
o Accountability
o Privacy by Design
o Data Protection Officer
o Data Processors accountability
o Legal basis for data processing, consent etc.
o Fair Processing Notices
o Breach Notification
o Penalties
o Data transfers outside the EU

What does it mean for schools and the education industry?
o What data do you hold/process?
o Why do you hold/process this data?
o What is it used for?
o Who has access to it?
o Who is it shared with?
o Where is it stored/processed?
o How and when is it disposed of?
o Are the data subjects aware of the above?
o CCTV?
o Profiling/automated decision making

How do you ensure compliance for your school?
o Audit of your data
o Justifying the data processing (legal basis/consent etc.)
o Privacy Impact Assessments
o Staff awareness and training
o Appointing a DPO
o Data Sharing Agreements and policies
o Privacy Notices
o Ensure you have a ‘paper trail’ as evidence
o Subject Access Requests

How do you check suppliers’ compliance?
o Accreditations? (ISO 27001 etc.)
o Contracts
o Documentation
o Data Portability (if you want to switch supplier etc.)
o Data retention periods
o Data disposal methods

How do you deal with data breaches?
o Breach Notification procedure
o Incident Response Plans
o Responsibility within school?
o Liability minimisation

How do you deal with Subject Access Requests?
o SAR procedure
o Responsibility within school?
o Working with your suppliers to fulfil SARs
o Data minimisation & retention
o Summary of the elements covered in the course
o Presentation of the GDPR software solution
o Q&A session
The GDPR (General Data Protection Regulation) will apply in the UK from 25th May 2018, changing the way schools manage and look after data and information, from paper in filing cabinets, through the retention of student/staff records, to monitoring day-to-day activities and security.
It is important that schools are aware of the changes and start planning their approach to GDPR compliance. Failure to comply with GDPR could see large fines issued to your school's data controller.
GDPR is a complete change to current data protection and:
o Strengthens & unifies data management
o Makes it mandatory to report data breaches within 72 hours
o Requires 3rd party data processors to be GDPR compliant
o Mandates the need for a formal contract and/or SLA
o Issues fines for non-compliance of up to 20 million euros or 4% of global turnover
o Gives control to individuals
On completion of the course delegates will have:
o Awareness and understanding of the new GDPR and its impact on your organisation
o The requirements GDPR will impose on you
o Steps you need to take to ensure your organisation is compliant
o How to ensure your suppliers are GDPR compliant
o Practised practical skills you can apply in your own organisation.
Full day course with lunch provided; please advise of any dietary requirements. A cancellation charge of the full course amount will apply if the course is cancelled within 10 days of the course taking place.
School senior leaders, data protection leads, compliance and governance officers, data managers, data officers, chief executives/directors from schools and MATs.