Schools and GDPR – have you taken the first crucial step?

If you haven’t done so already, now is definitely the time to carry out a data audit.  Any education leaders who ignore this advice do so at their peril.

The General Data Protection Regulation (GDPR) is coming fast.  From 25th May 2018, schools, academies and trusts will need to have changed the way they handle their data and manage their information.  Reviewing your data and how you use it, is the very first step.

This blog, the second in our GDPR series for school and trust leaders, takes a close look at the importance of a data audit, detailing some of the potential pitfalls.

Why carry out a data audit?

Changes to the rights of access to personal data under GDPR, means you will need to review your procedures right now, so you can make sure you will meet compliance next year.  Also, there is likely to be a dramatic rise in the number of Subject Access Requests (SAR) and you will need to be able to turn these around quickly.  Do your current practices allow for this?

GDPR is about understanding what data is being held, where that data is and what the purpose of the data is.  You also need to know who is holding it and if it’s being held in the right way in order to limit any breaches. You should also take special care to establish any ‘hidden pockets’ of information being held by individuals or in departments and anyone (e.g. suppliers and integrators) sharing your data records.

Ask these FIVE simple questions …

  1. What data is being held?
  2. Where did the data come from?
  3. Who is holding the data?
  4. Who are you sharing this data with?
  5. What are the data flows?

Who can do a data audit?

A data audit does require some expertise; whilst you can do this yourself, it is sometimes better to use external support.  An external company can look at your data with a fresh set of eyes, sometimes spotting issues that an internal auditor might overlook.  It also sends a strong message to everyone that your school or trust is serious about protecting its data.

Handling data complexity is likely to be one of the biggest obstacles to GDPR compliance.  Drawing up a good action plan is essential.

Get a more detailed copy of how to carry out an effective data audit by downloading our Novatia Note here:

Download your Novatia Note

TAKE ACTION NOW … we recently held a GDPR seminar for school and trust leaders which was well received by the Education market.  Read the results of our findings here

If you’d like to know more about how Novatia can assist you with a data audit for either your school or trust, please see our website or contact us on 01962 832632 or

  • Email