Almost everywhere that GDPR is mentioned, people are quick to highlight the massive fines set to be imposed for the slightest infringement of the new rules. This recently prompted the Information Commissioner to publish a series of blogs aiming to debunk the ‘fake news’ surrounding GDPR.
Yes, the GDPR does provide potential for increased penalties – but these are for major breaches affecting large numbers of data subjects and which cause huge issues for those affected. These fines will not be imposed for minor infringements any more than the current maximum fine under the DPA is ever used.
It’s certainly true that there’s a lot to take on board with the new GDPR. For example, it stipulates six principles that organisations must adhere to when processing personal data, to ensure that it is:
- Processed fairly, lawfully and in a transparent manner.
- Used for specified, explicit and legitimate purposes.
- Used in a way that is adequate, relevant and limited.
- Accurate and kept up-to-date.
- Kept no longer than is necessary.
- Processed in a manner that ensures appropriate security of the data.
It’s important, when preparing for the GDPR, not to lose sight of what this law is about: delivering greater transparency, enhanced rights for employees and pupils and increased accountability.
Remember, whilst GDPR is bringing in a number of changes and will be the most robust data protection legislation we have ever seen, it is also an opportunity to ensure your school is proactively protecting the sensitive information it holds.
Helping Schools Prepare for GDPR
Groupcall has been working hard to help schools prepare with the minimum of fuss. Firstly, we are running CPD-certified training courses to support the journey to compliance. To find out more, visit www.groupcall.com/gdpr-training.
Secondly, we would encourage you to take a look at GDPRiS – a complete GDPR management solution specifically developed for schools. It helps document data flows and map and audit personal data, and it prompts the use of SAQs. It helps guide all school staff to a new level of data protection understanding. For more information, head to www.groupcall.com/gdpris.
While there is a great deal to be done, if your staff have undertaken GDPR training and you keep good records of policies, procedures and contracts with suppliers, conduct data protection impact assessments and take thorough risk minimisation measures, you’ll be well on your way to compliance.
[Taken from The GDPR Compliance Ebook, which can be downloaded in full from www.groupcall.com/gdpr-reference-guide.]