One of the biggest changes in our data protection laws in over 25 years comes into force on 25th May 2018 with the introduction of the General Data Protection Regulation (GDPR). Already, soundings from the Information Commissioner’s Office (ICO) indicate that this is likely to be more rigorously enforced, and consequences include fines reaching 20 million euros or 4% of annual worldwide revenue. Schools, academies and other educational institutions will need to understand and demonstrate compliance with the changes required by the new legislation; Ofsted will undoubtedly have an ongoing focus on any data protection breaches, which will now have to be reported within 72 hours. Inevitably, parents and supervisory authorities will be keen to ensure educational institutions are compliant with the new legislation and that mandated privacy rights are properly respected and enforced.
Templar Executives is an award-winning Cyber Security company with a unique pedigree of working with organisations across government and the private sector and providing a pragmatic approach on how to address this new landscape. Educational institutions that already have a robust data protection regime in place will be well placed for implementing GDPR, but the starting point for everyone is to achieve a good understanding of what the new legislation entails and the obligations that have to be met. This will require proper GDPR training not just for individuals responsible for implementing GDPR within their organisations, but for a wider audience, as the impacts are pertinent to governors, teachers, school carers, and third-party suppliers. This can start with the simple steps of building awareness and training to prepare and understand what is expected. As well as undertaking training on what is required, schools, academies and other educational institutions will have to review how they collect and use personal data, and what is required in terms of a Data Protection Officer (DPO), their risk management processes and policies (including Privacy Impact Assessments and Subject Access Requests), and third-party providers.
The bottom line is that organisations must be able to demonstrate compliance and a ‘defensible position’ with regard to implementing GDPR, with staff appropriately trained to make informed decisions based on the risk management processes in place.
If you would like more information on GDPR and how to implement this within your organisation, please contact Templar Executives on +44 (0)203 542 9075, or email: email@example.com.
For more information on our range of Cyber Security courses, please visit https://www.templarexecs.com/academy/courses/