General Data Protection Regulation
This post is offering information only. Legal advice is neither implicitly nor explicitly provided.
This regulation came into force across the EU on 24 May 2016 and will apply across EU member states from 25 May 2018.
It was added to UK law in the Queen's Speech on 21st June 2017.
GDPR is possibly the single largest change to data protection laws that many people reading this post will ever need to work through.
GDPR is the latest “flavour of the month”. I know, I see the spam mail traps for a few schools.
Invariably these emails scream “€4 million fine”.
So, a primary school with 60 children and a grade 2 listed building in a deprived area is sitting on €4 million?
The main theme of the act is to protect data related to natural persons, hopefully to stop this:-
Thank you to @officialjacwild on Twitter for permission to use this classic.
The final comment “.. can be very obscure indeed and quite hard to opt out ..” highlights a problem many of us face.
In a previous page GDPR is compared to the Health and Safety Act. It may be worth thinking of it as Health and Safety for data.
An important point to consider immediately is that “data” is much more than the information held on your computers.
GDPR is as much a senior management function as an IT function, if not more so.
The GDPR makes the data subject the centre of attention.
Why is this important?
Here’s an interesting, and quite terrifying, graphic regarding the quantity and location of data about you! All 4.3 Terabytes of it!
In early June 2017 Tony Sheppard of Mobile Guardian gave a presentation to the EduGeek conference, comparing data protection and the GDPR to the Wild West. The video of his session is very informative and helpful. An interesting emphasis on “those things that should be done now HAVE to be done”.
On the subject of GDPR and the “Wild West”, Gimapero Nanni of Symantec has produced an excellent 3-page article, “The Good, The Bad and the Ugly”. This is not specifically aimed at schools, but gives a good overview of areas to consider.
This page was produced during May and June 2017, as the trickle of GDPR scaremongering became a flood. I am the named contact for a range of packages / solutions in place in some primary schools.
Just as I was typing up the next paragraph, this gem appeared in my inbox.
“Failure to have contracts in place or..” “20 million euros”. Not very pleasant putting such fear in the minds of overworked head teachers and school business managers?
I deliberately have my spam filters set a little more relaxed than school systems, hence that one got through.
At the time of writing this post (June 22nd 2017) the record fine for data protection was nearer €6 million and was imposed on a British company by an Italian court.
This was part of an €11 million total fine for data breaches and money laundering. There are multiple reports on this incident on the internet – one of the most thorough is here.
So, if your school is involved in deliberate fraud and large scale money laundering, then please do take care.
The EU has produced, and keeps updated, a very useful set of resources related to the regulations.
The UK Enforcement Agency is the ICO (Information Commissioner’s Office).
They have produced some useful guidance notes to help prepare for the legislation.
The ICO website has a useful twelve step guide to help you prepare for the GDPR.
It’s worth adding a 13th step – download and print off the document, then have (as a minimum) a skim through it.
The document has the snappy title of:-
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).
The ICO has also produced the excellent “Getting Ready for the GDPR” on its website.
This is worth working through and answering honestly.
You can then download a Word document showing your position and some of the work you will need to carry out.
The ICO have produced a handy YouTube video which has some superb points.
There appears to be a lot of co-ordinated work regarding GDPR going on in Ireland.
This is the link to the Irish Data Protection Commissioner (DPC).
The links in the section below to the GDPR Coalition are to a group in Ireland.
These are links to external websites; many are commercial organisations.
We aren’t responsible for the content on these sites. Please contact us if you find any that are unsuitable and they’ll be removed.
GDPR Awareness Coalition is an Irish-based non-profit organisation.
Their website has some fabulous infographics to help you see the challenges ahead.
LSA MediaPolicy blog provokes as many questions as answers.
There are many other child related GDPR posts on this site.
This link will take you to “search gdpr” on the LSA blog.
The Institution of Mechanical Engineers has produced a very clear, easy to read page.
This is one of the better ‘starting points’ for businesses.
The EduGeek forum for Data Protection, although school specific, has some very useful information for any organisation.
Many of the articles below are ‘advertorials’ and are subtly (think sledgehammer) promoting a product or two. Even so, they cover some very important points and are amongst the best items I’ve found.
“Hidden data” – where are the copies and the copies of the copies?
This Acrobat file from Veritas is a very good starting point to think about this problem. It’s a 3-page PDF with large graphics, so it can take a second or two to load.
The concept of ‘scattered’ data can surely apply to teachers working from home. School laptops?
It’s not just about computers.
NHS records left in a warehouse is something they’ll probably want to avoid in the future.
Print management comes under the spotlight in this article (from a printer manufacturer).
Lots of conflicting advice
This blog gives some ideas for event marketers about cleaning their databases.
Meanwhile, this entry on the ICO’s own website shows what happened to Honda and Flybe for their attempts at cleaning their data lists!
As the legislation comes closer there will be apps and programs available from many sources.
Some will be free, many will be freemium and some will be charged.
A very useful early free iOS app is from the solicitors, Field Fisher.
This app is very quick and easy to use, is not ‘in your face’ with adverts for the company and seems to be free of adverts and freemium links.