The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA) came into force on 25 May 2018 introducing new requirements for schools as data controllers. Schools must ensure their data processing activities are compliant with this legislation and must be able to demonstrate how they are meeting these new requirements.
8 key tasks
With these changes in mind, HLT is using a framework of 8 key tasks to complete in order to ensure your compliance. This will be updated and may be added to if any new requirements or changes to the legislation arise.
The 8 key tasks to complete are as follows:
- Appoint a DPO
- Complete an Information Asset Register and information audit
- Review and update your Privacy Notice
- Review and update arrangements with 3rd party data processors
- Review and develop internal procedures and policies
- Review your Subject Access procedures
- Review your data breach management procedures
- Embed Privacy by Design in your school
To support schools with this we will be issuing a series of written guidance notes supported by tools and template documentation.