Data within Education

Having joined Data Protection People as a graduate fresh from finishing Leeds Beckett University, my knowledge of GDPR and data protection was virtually non-existent, I was well and truly thrown in the deep end. You could say it was like learning how to run before I could walk. Luckily alongside having to learn the ropes all by myself, my employer DPP, have been brilliant at supporting me on this journey. BDM Rob Wilkinson, whilst balancing his own workload has been able to provide regular assistance as and when it has been needed and line manager Kathy Midgely and Sales Director David Hendry have overseen and underpinned everything that I have done so far at the organisation.

Add on to this the regular ‘Support team training’ I have been able to tag along to has deepened my understanding of GDPR. The training is hosted by consultant and in-house DPO Oliver Rear whose knowledge of Data Protection and GDPR is nothing short of incredible.

Ever since joining DPP I have been working within the education sector, it is my job to get to know data protection practitioners, build relationships and offer support and assistance as and when it is required.

In the short time I have been with DPP I have managed to skim read countless data privacy and data protection policies and one thing is for certain, the education sector is lagging behind a lot of other sectors in terms of GDPR compliance, the first giveaway regarding this is that around 60% of policies reference legislation that is out of date, the new data protection act was brought in in 2018 and yet a worryingly high number of organisations within the sector are either not aware of the new legislation or they just don’t care about data protection.

It does not make good reading and it is slightly worrying when I come across these sorts of things. To put it plain and simple, whether you are reading this as a student or a data controller, if the policy is referring to the DPA 98 then the processes in which the data at that organisation is stored, controlled and processed is not done so according to the law.

I am not categorising every organisation within education to be non-compliant because there are some that are up to a high standard with their compliance of GDPR, I’m just raising the issue that there are still too many organisations that don’t comply. Considering the new laws came into place nearly 4 years ago, it is about time the importance and awareness of the issue was brought into the light.

Where do we go from here?

For starters, every public sector organisation needs to have a named DPO, this person needs to not be within a conflict of interest, what I mean by this is, the DPO should have the ability to freely fulfil the functions of a data protection officer as described within the UK GDPR.

The next step that could be taken is an increase in resource made available to organisations. The ICO, as they should, have a great number of resources available, a link can be found here: https://ico.org.uk/for-organisations/

There are many podcasts out there available to listen to, here at Data Protection People, we are proud to be the #1 data protection podcast on Spotify – you can join us by filling out the form below.

You can also reach out to us to discuss various ways in which you can start to become GDPR compliant, myself and the rest of the team are more than happy to help you on this journey.