According to the Information Commissioner’s Office, there are a few steps that those working in education can take to ensure they are compliant with General Data Protection Regulation (GDPR) requirements / legislation.
- The first step is awareness. Organisations need to make sure that their people who handle any type of personal data are aware that the Data Protection Act is changing to the GDPR (Regulation (EU) 2016/679), a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
- As an approved centre of Qualifi, we ask that you look at who you are sharing data with and conduct an information audit to see the reasons why. Clearly, you share candidate information with Qualifi, and we in turn make information available to the qualification regulators. You must put in place a system that will help verify a person’s age (a requirement of learner registration) and, if the person is under 18, you must gather consent from a parent / guardian for any data processing activity that you might do. For your information, please see Qualifi’s policy information relating to privacy here – http://qualifi.net/privacy-policy/
At times you will want to remove data of former students from your system. To do this, you need to consider the students’ rights, which can determine how you delete data or provide data in an electronic format; please familiarise yourself with what is and is not allowed.
- In the event of a significant data breach, you, as does Qualifi, must have reasonable procedures in place to combat the issue and minimise the leak of data. As part of the centre review process we may ask you to provide and/or describe your policy and procedure. Please note, all staff handling data should be aware of these procedures. It could be beneficial for you to appoint a Data Protection Officer who can take responsibility for data protection.
Sources of information pertinent to the above:
- http://opt-4.co.uk/dictionary/DataProcessor.asp
- http://opt-4.co.uk/dictionary/DataController.asp
- https://strategiccfo.com/asset-disposal-definition/
- http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know
- https://dpreformdotorgdotuk.files.wordpress.com/2016/03/preparing-for-the-gdpr-12-steps.pdf
- https://ico.org.uk/for-organisations/education/