While the Sentry system is at the core of how we can help your school, it’s certainly not the only support we can give.
Firstly you might need the expert support of a data protection officer or training for a number of people between one and the whole school. In contrast you might need someone to come along and test the procedures you have in place, alternatively you might need support to undertake a data protection impact assessment.
Whatever support you need we can help. We’ve set out some of the areas where we’re supporting customers. If you don’t see what you’re looking for then please get in touch.
There is lots of guidance about the actual regulation but it’s not written for schools.
When you’re dealing with a breach, an access request or a freedom of information request, a point is reached where decisions have to be made. Is this breach reportable, what information can be released or is the request valid at all?
Expert support is essential at the sharp end. Firstly you need data protection expertise but just as importantly you need someone who understands schools and school systems.
It is a truth universally acknowledged, that data mapping has caused confusion and headaches. The ICO produced a template with a combination of mandatory and optional data. The strong implication was made that if you complete the optional elements, your life will be a lot easier.
The choice of mapping methodology has been in the hands of schools or their advisers as a result there are wide variations. Some methods are highly detailed while others are a very high level. In both the Sentry system and our other support when have built a method to produce the full ICO spreadsheet.
Fully outsourced mapping
(requires a Sentry subscription)
Everyone is aware of their responsibilities
Are the staff properly trained?
You can’t expect to manage GDPR unless every member of staff is trained. Effective training relies on communicating two sets of information. Firstly there is the subject matter knowledge, what an individual needs to know about GDPR. The second message concerns the expectations we have about how that individual will contribute to data protection.
We have a range of courses to support every member of staff, including a specific programme to support your DPO.
It’s human to wonder if we’ve made the best decisions and in contrast it’s natural for focus to shift onto other priorities when things are running smoothly.
So how can you know if your GDPR system is functioning efficiently? For example, Are you picking up on breaches, have working practices slipped and people ready to respond to an incident?
You need to put your system to the test. To be meaningful, any test must first be conducted with the minimum of notice and secondly it should reflect real conditions as closely as possible. You also need to consider whether hard system security tests should be included.
You’ve got a major project on your hands meaning that it’s all hands to the pump. Major projects, reorganisations, new building and new systems can all have significant data protection implications.
These get wrapped up in the Data Protection Impact Assessment (DPIA) at the outset of the project. As the project moves forward, changes happen potentially impacting all those data protection implications.
DPIAs are probably the least well understood part of the new data protection regime but can represent a real risk to the overall project if they go wrong.