3 GDPR issues your school may be neglecting

Arena Group

Arena works with many clients in the education sector, helping them with the common issues they face relating to the management, control and security of their vital documents. In addition to copy and print, and managed print services, Arena Group has developed mstore for Education, its own electronic document and records management system (EDRMS). mstore delivers a user-friendly mechanism to improve the whole document storage, retrieval and archiving process, whilst adding a level of security and functionality to improve legal compliance and the security of critical files.

Website: www.arenagroup.net/ Email This email address is being protected from spambots. You need JavaScript enabled to view it.
Image courtesy of supplier. Image courtesy of supplier.

At a recent webinar on ‘Practical Insight on the GDPR for schools’, Arena’s Neil Maude shared some of the most relevant features of the new data protection regulation for schools, the potential impacts, and next steps. This was followed with a survey to understand the state of play for education on individual schools’ journeys towards the May 2018 deadline, which has elicited some interesting insights. For example:


1. Neil outlined the case for appointing a data protection officer (DPO) within schools, which comes from the Information Commissioner’s (ICO) requirement for a DPO in place for all public organisations. This would seem to include schools. However, whilst a school’s DPO would need the right expertise and time to do their job effectively, did you know that a DPO could be shared between a number of schools, eg per Trust or alliance? The schools we survey were split 50/50 on whether they had a DPO in place or not. Therefore, for many schools there’s clearly some work to be done when it comes to appointing and bring the right person up to speed ahead of the deadline.


2. Perhaps one determining factor limiting progress is awareness and buy-in from school leadership. Arena finds that process change in any type of organisation, commercial or public, needs high-level sponsorship to ensure action and adoption. However, our survey suggests that most school leadership teams do have the GDPR on their radar. In reality, the biggest challenges to change are far more diverse and specific to each organisation. One respondent identified that “Making staff follow all guidelines” was their biggest challenge. Another similarly felt that “Changing the mindset of keeping information ‘just in case’ and where that ‘just in case’ information is stored” was critical to successful roll-out of new ways of working. One school leader cited “Getting people to act” was theirs: “Systems are there, but what about paper on people's desks?”


3. In terms of systems and technology, all respondents still keep student records in filing cabinets, with 75% utilising secure paper archiving and over 10% still using unsecured paper archiving. Unsecure storage of personal data is a red flag even for current data protection regulations, and whilst a majority have secure storage, the challenge occurs when trying to access records. With the anticipated rise in requests relating to personal data expected, Neil urges schools to try a mock subject access or a ‘right to be forgotten’ request to test out how efficiently and effectively this request can be fulfilled to meet the more stringent requirements under the GDPR. This is where digitising paper records such as student and HR records really starts to make commercial sense to a school, with the cost of time lost adding to the print, storage and risk of financial penalties.


Remember, there is no single off-the-shelf solution that will ensure schools achieve compliance with the GDPR. Neil describes in the webinar how you need a combination of “people, process and technology”. You can read more about the survey responses and access Neil’s webinar by visiting www.arenagroup.net/education.


Want to receive cutting-edge insights from leading educators each week? Sign up to our Community Update and be part of the action!

In order to make our website better for you, we use cookies!

Some firefox users may experience missing content, to fix this, click the shield in the top left and "disable tracking protection"