The Experts:
Alex Dittel, a data privacy and commercial lawyer at Bristows LLP, London.
Andrew Williams, Consultant at South West Grid for Learning (SWGfL)
Simon Turner, Director of ICT, The Abbey School
Andrew Martin and Lisa Marks, Consultants at Novatia
Key takeaways
Andrew Martin, Principal Consultant at Novatia, was facilitating the Focus Event. Here are his top takeaways from each of the speakers:
Read the small print and negotiate
“For me, everything that Alex Dittel from Bristows said made sense.
Alex reinforced the fact that an institution is liable for its contractors and how they utilise, manage and destroy, or don’t destroy, data.
As the responsibility is on the data owner to check their third parties, this is huge for schools.
It means reading the small print in contracts and maybe renegotiating them – this might be where schools will need legal advice. As Alex said, this could be an issue though because the bigger the organisation the less likely they are to make changes to contracts – can you see Google or Microsoft negotiating individual contracts for each school or trust?
So what does that mean? Do schools have to consider pulling out the use of those services? No. First, read the small print to know exactly what you are signing up for. Then it’s a case of balancing risk – will this service bring more benefit than not having it and what can your school put in place to minimise data leakage from your end?
Get the audit right
Andrew Williams from SWGfL had a strong key message: get the audit right.
This is the key piece of advice we’ve been giving our clients too. You must find out what you’ve got.
A lot of schools and trusts won’t be clear about what they’ve got – this is your first starting point. Do read this blog, “Schools and GDPR – the crucial first step, your data audit” written by my colleague Lisa Marks, about how to begin your audit.
Another highlight for me from Andrew was around portable data devices. These include: usb drives, files left on trains, or bolt on products such as assessment software. Yes, files or workbooks can contain huge amounts of personal data. This just feeds back to: find out what you have already got.
The absolute importance of that and scale of that is huge – my worry is that schools will underestimate how long it will take them to get that picture.
Practical advice on cyber security
Simon Turner, Director of ICT at The Abbey School, covered a lot of very practical ground about how to secure your network and therefore your data.
I really honed in on his message that the Management of the school, academy or trust have to give the right level of support to the ICT team. Protecting the personal data that schools hold must not just be “thrown” at the ICT technicians to manage. We see this happening again and again at schools – leaders think that “It’s an ICT issue so give it to the ICT team” but if the ICT strategy and vision isn’t in place, the ICT will have limited effectiveness. In fact, it happens so often, we wrote a blog about it: “ICT Problems…don’t blame the ICT people…”
School and Trust leaders need to be owning the GDPR and understanding what it means strategically and how they have to set the direction and provide the time for the ICT team to do their part.
The GDPR: it’s not all about the data
My colleague Lisa and I wanted to get two clear messages across: first, GDPR is bigger than just the ICT team. It is all about the data. Schools need to ensure they have the right policies and mechanisms in place to understand the distribution and copying of all media.
Second, data protection is continuous – not just a one-off. This is why testing, training and reviewing is essential.”
Further advice
Andrew Martin and the Novatia Consultants are experts at solving ICT problems in the UK Education market. They take their passion, knowledge, and experience of ICT to make a real difference to learning outcomes in Education.
If you want expert, objective, practical consultancy support on how to prepare for and integrate the demands of the GDPR into your schools approach to ICT, then do get in touch on 01962 832632 and one of our knowledgeable team will call you back.
