PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is - - PowerPoint PPT Presentation



SLIDE 1

GENERAL DATA PROTECTION REGULATIONS

May 2018

SLIDE 2

GDPR

  • What is GDPR
  • What is different
  • Principles of GDPR
  • How does it affect school
  • How are school preparing
  • How does it affect individual staff
  • How can staff prepare
  • Summary

SLIDE 3

WHAT IS GDPR?

  • The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
  • It will apply from 25 May 2018
  • Affects EVERYONE – all staff are responsible for complying with regulations

SLIDE 4

WHAT IS DIFFERENT?

  • Similar to the Data Protection Act (DPA) 1998. But expands and strengthens the principles of DPA

CHANGE: REQUIREMENT

  • Subject Access Requests: No longer able to charge for access requests and have 1 month to comply
  • Consent: Must have consent to process personal data.
  • Data Breaches: ICO must be notified within 72 hours of data breaches where an individual is likely to suffer some form of damage i.e. identity theft. Failure to comply could result in a 20 million euro fine.
  • Data Protection Impact Assessments: Now a legal requirement to carry out an I.A when considering using data in new ways i.e. new IT systems
  • Data Protection Officer: Must have a designated DPO who will take responsibility for DP compliance. Cannot be a member of SLT or Admin staff due to possible conflict of interest.

SLIDE 5

PRINCIPLES OF GDPR

GDPR sets out six principles of data processing. These say the personal data must be:

  1. Processed lawfully, fairly and in a transparent manner
  2. Collected for specified, explicit and legitimate purpose
  3. Relevant and limited to what is necessary in relation to the purpose for which the data is processed
  4. Accurate and kept up to date
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
  6. Processed in a way that ensures appropriate security of personal data.

SLIDE 6

DATA BREACHES

Breach of security of personal data when transmitted, stored or processed leading to:

  • Accidental Destruction
  • Unlawful Destruction
  • Loss
  • Unauthorised Disclosure
  • Unauthorised Access
  • Alteration

SLIDE 7

HOW DOES GDPR AFFECT SCHOOL?

  • As data controller and data processor school must ensure the security of all data subjects' personal information i.e. staff, pupils, parents etc.

SLIDE 8

HOW IS SCHOOL PREPARING

  • NEXUS
  • GAP Analysis
  • DPO Appointed
  • Privacy Notice for parents/staff updated
  • Action plan in place
  • New Signing in system

SLIDE 9

HOW DOES GDPR AFFECT STAFF

  • All staff need to be aware of the principles of GDPR
  • All staff must comply with GDPR regulations
  • All staff are responsible for reporting data breaches
  • Staff should be aware of how school collect and process their individual data

SLIDE 10

HOW STAFF CAN PREPARE

  • Receive/be aware of Staff Privacy Notice
  • Be aware of and apply GDPR Principles when sharing data
  • Ask yourself ‘Can I share this information’ – ‘What is the reason for sharing the data’
  • Ensure secure email system is used when sharing information
  • Ensure PIN codes are set on phones/mobile devices especially if you access calendar etc
  • Log out of all IT systems when not in use

SLIDE 11

HOW STAFF CAN PREPARE

  • Do not leave any pupils/parents personal data (e.g. pupil reports, SEN reports, CPOMS printouts etc) lying around school
  • Confidential shredding should be sent to the main office
  • If you take work home, ensure security is maintained at all times i.e. encrypted pen drives etc.
  • Have organised and secure filing systems (manually and electronically)
  • Adopt regular and appropriate data cleansing processes
  • Any Data Breaches must be reported IMMEDIATELY to DPO

SLIDE 12

SUMMARY

  • The principles of GDPR are not a new thing.
  • The majority of processes are already taking place in school.
  • If you are unsure or have concerns about anything ask DPO or Fiona
  • DPO: Nick Holden data@englishmartyrs.co.uk