All schools and academies are required to manage complex and sensitive data every day and are required to comply with complex legislation and guidance. New legislation to implement the EU General Data Protection Regulations (GDPR) will bring new requirements and obligations and create new rights for your pupils and their families. When things go wrong, breaches may have a serious impact on the reputation of a school and can also result in significant financial penalties being imposed.
Bexley’s Information Governance Team offers a service to provide audit, advice and guidance to ensure that you have robust systems and procedures in place, and to respond to specific issues that you might experience.
• There will be a single point of contact for schools who access the service via a dedicated email address
• You will be working with an Information Governance Team which will be able to liaise with other services within the London Borough of Bexley such as the ICT Team (information technology security) and the Complaints and Freedom of Information Team (Subject Access Requests) etc.
• You will enjoy access to compliant templates (privacy notices, consent forms etc.) available from the BSN resources area which will be regularly updated by the Information Governance Team to incorporate changes in best practice, legislation, emerging issues and trends. This will also help inform schools own working practices in respect of privacy protection.
Our Team can support you in:
Meeting Legislative Duties
• Audit and advice on meeting legislative duties in relation to Data Protection including establishing policies and procedures. This will include updates on new and upcoming data protection developments
Each school or academy will also receive a site visit during which we will discuss and review the arrangements you have in place and agree an action plan.
• Help and advice on the new GDPR Regulations, which comes into force in May 2018. This is the biggest change in data protection law for 20 years. It is likely that your school will need to take steps to be ready before GDPR comes into force on 25 May 2018 and we can support you.
• We will also offer as an additional chargeable service specific training for Governors and staff undertaking key leadership roles
Handling, Storing, Disposing of Personal and Sensitive Data
• The team will provide specific audit and advice with regard to these areas of work. The team will also offer advice on specific requirements such as privacy statements, consent and Privacy Impact Assessment.
• Your school may be asked to share information – we will provide advice about how you should decide whether to share and how you should do this.
The Management of Data Breaches
• We will advise you on the systems that you need to have in place to record and report on breaches and near-misses. We will support you in the reporting, investigation and liaison with the Information Commissioners Office in relation to breaches, and in implementing measures to prevent any reoccurrence.
Physical and IT Data Security
• The team will provide advice to identify issues relating to physical security or that should be considered by your ICT supplier.
Awareness Raising and Training in Data Protection Issues
• It is essential that all staff members within schools and academies have a good awareness of data protection principles and that key managers have a more detailed knowledge. The Service Level Agreement includes awareness training sessions for staff and a chargeable service for training Governors and staff designated with data protection leadership roles.
The team will also supply a range of awareness raising materials, and regular updates. Face to face training is also available on request.
Dealing with Subject Access Requests (SARs)
• Advice on responding to Subject Access Requests (SARs) will be provided.
The service offered to schools and academies will not cover:
• The actual processing of Subject Access Requests or the redaction of records.
• Legal advice, if required.
• Processing ICO registrations.
• Responding to residents or the ICO on the schools behalf.
The package of support will include:
• On site audit
• Review of documentation
• Generic data protection training
• Support and generic advice regarding data protection issues
• Access to a developing resource area which will contain compliant templates such as privacy notices and consent forms, etc. and other appropriate materials such as best practice
• Regular Newsletter featuring legislation updates, latest ICO enforcement action and best practice
• Subject Access Request advice and support
Advice and support is available for data breach notification and a quotation can be provided on request.
Specific data protection training is available for staff who are designated with key leadership roles. Fees for this training requires further consideration as it may require outsourcing!