From 25th May 2018, the Data Protection Act 1998 (DPA) will be replaced by the new more stringent General Data Protection Regulation (GDPR). All governing boards need to be aware of their obligations under the new regulations and will be required to show compliance with the GDPR.
The key changes introduced by the GDPR include the following:
- It will be mandatory for schools to appoint a designated Data Protection Officer
- Non-compliance will see tough penalties; school will face fines of up to €20 million or 4% of their turnover.
- It is the schools responsibility to ensure 3rd parties (i.e. catering services, software providers etc.) that process data for you also comply with GDPR
The GDPR is intended to strengthen and unify the safety and security of all data held by all types of organisations. The Information Commissioner’s Office has published a 12-step checklist to help prepare for the changes.