Data Protection in Schools: Practical Tips for Staying Compliant
January 29, 2021
Data protection in schools could not be more important. Schools collect a lot of information (or "data") from parents and will need to provide transparency about how this information will be used. You must also collect consent from parents for you to store their data.
As technology improves and the world of education moves increasingly online, data protection is a must. If you email parents concerning their child's grades, parents' evenings, school trips and exams, you will need to explain exactly how you plan to use this information.
If you fail to do this, you will be breaking GDPR and could face a penalty.
Data protection in schools: how to ensure GDPR compliance
To ensure compliance, it's important to keep up with current regulations. GDPR sets out seven key principles that your school must follow:
- Fairness and transparency: you will tell parents what data you are collecting and why you need it
- Purpose limitation: you will only use data for essential purposes and not sell it to a third party
- Data minimisation: you will only collect data you need for essential purposes
- Accuracy: you will, to the best of your ability, ensure all the data you collect and store is genuine and accurate
- Storage limitation: you will only store the information you need, e.g. parent contact information, child health records, allergy information, etc.
- Integrity and confidentiality: you will ensure the security of all data collected
- Accountability: your school will claim full responsibility for the data you collect
These seven principles are vital to your approach to processing personal data from parents and children, and you should display them in your school privacy notices.
Do you need to display school privacy notices?
Your school must display data privacy notices on all enrollment documentation when a child starts school. You should also display a clear privacy notice on your website. It's a good idea to send a digital privacy notice to all parents at the beginning of each school year.
To comply with data protection laws, you should include the following in your privacy documents:
- How you intend to collect and store personal data and why
- Your school's identity and the identity of your nominated school representative
- Details on confidential waste procedures
- Computer security policies
- Information regarding third parties involved with the processing of data
- How personal data is encrypted and stored electronically
- What happens if data is lost or stolen
- Guidelines on if and how data is shared outside of the school
- Any additional information related to safe and fair data processing
How to ensure data protection in schools
Here are some tips to ensure your school complies with data protection regulations:
- Make sure you use strong passwords and store them securely
- Encrypt all personal information and store it electronically
- Shred all physical copies of confidential information or hire a confidential waste service
- Install virus checking software and firewalls on all school computers and devices
- Turn off "auto-complete" settings on all school computers
- Limit access to personal information within the school to cases where it is completely necessary
- Make sure all storage systems are secure
- Keep digital devices and paper information locked away when not being used
If you plan to take photos in school, you will need express consent from parents to use these photos on your website, social media, or any other physical or digital school materials. At the start of each year, parents should sign a consent form detailing if and how their child's photo may be used. You must make sure you abide by these regulations at all times.