General Data Protection Regulation (GDPR) Centre Guidance / Update

General Data Protection Regulation (GDPR) Centre Guidance / Update

 

According to the Information Commissioner’s Office, there a few steps that those working in education can take to ensure they are compliant with General Data Protection Regulation (GDPR) requirements / legislation.

  1. The first step is awareness. Organisations need to make sure that their people who handle any type of personal data are aware that the Data Protection Act is changing to the GDPR (Regulation (EU) 2016/679), a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
  2. As an approved centre of FSBL we ask that you look at who you are sharing data with and conduct an information audit to see the reasons why. Clearly, you share candidate information with FSBL and we in turn make information available to the qualification regulators. You must put in place a system that will help verify a person’s age ( a requirement of learner registration) and if under 18 then you must gather consent from a parent / guardian for any data processing activity that you might do. For your information and please see FSBL policy information relating to privacy here – https://fsbl.uk/privacy-policy/
    At times you will want to remove data of former students from your system. To do this, you need to consider the students’ rights and this can determine how you delete data or provide data in an electronic format; please familiarise yourself with what is and is not allowed.
  3. In the event of a significant data breach, you as do FSBL, must have reasonable procedure methods in place to combat the issue and minimise the leak of data. As part of the centre review process we may ask you to provide and/or describe your policy and procedure. Please note, all staff handling data should be aware of these procedures. It could be beneficial for you to appoint a Data Protection Officer who can take responsibility for data protection.

Sources of information pertinent to above:

  • http://opt-4.co.uk/dictionary/DataProcessor.asp
  • http://opt-4.co.uk/dictionary/DataController.asp
  • https://strategiccfo.com/asset-disposal-definition/
  • http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know
  • https://dpreformdotorgdotuk.files.wordpress.com/2016/03/preparing-for-the-gdpr-12-steps.pdf
  • https://ico.org.uk/for-organisations/education/