that they must comply with data protection rules. As well as data protection legislation, the

Equality and Diversity Act must be considered when asking such questions. Unless schools have a policy of recording other vaccinations, they cannot act differently with regards to the COVID- 19 vaccination.

Remote Learning As cyber criminals targeted the remote learning environment, 58% of UK secondary schools identified breaches in 2020, with many others thought to have gone unidentified. This continues, as ransomware attacks lead to the loss of student homework, school financial records and data stored regarding COVID-19 testing. With remote and online learning now an integral part of our lives, data protection is the first line of defence for safeguarding pupils and school staff. Educating pupils and school staff on the

potential risks and correct data protection principles can be one of the stronger tools we have in keeping data secure, both in the classroom, and out. With awareness, schools can work to avoid the

GDPR – 3 Years On T

here was justifiable apprehension leading up to 25th May 2018, when the EU General Data

Protection Regulation (EU GDPR) came into effect, with a flurry of activity as schools and organisations worked diligently to ensure the correct policies and procedures were in place. Three years on, many of the existing challenges

to protect data remain. Almost 50% of data protection incidents occur through email communication, which presents a multitude of opportunities for misuse and the inappropriate sharing of data when not managed correctly. However, school leaders are also experiencing a number of new and exceptional challenges.

Leaving the EU With Brexit on the horizon, many people questioned the future of GDPR in the UK as this was an EU law. Post-Brexit, we now have the UK

input of incorrect information and the misuse of systems, ensuring the use of password protection or encryption where needed and avoiding breaches caused by password sharing or the use of generic passwords. It’s important to encourage staff and pupils to be aware of personal requirements to protect data; bank details, passwords, licences and passports, often stored in a bag, mobile, laptop, tablet or notebook. With GDPR constantly evolving, it’s vital for

GDPR, which combined with the UK Data Protection Act 2018, can be referred to as UK Data protection legislation. UK GDPR is essentially the same as EU GDPR,

but as time progresses, changes between the two may arise. For schools, this creates the need to check when contracts, data sharing agreements or privacy notices were written to ensure the current data legislation is quoted. Additionally, schools that recruit students from the EU or those that appoint staff who are EU residents may have to make major changes to the way they process personal data.

COVID-19 Vaccinations With regards to asking employees if they have had the COVID-19 vaccination, and the collection of this data, employers must remember that this information is sensitive personal health data and

schools to have the right tools and support in place. Cantium are supporting schools, Data Protection Officers (DPOs) and Data Protection Leads (DPLs) in monitoring and managing their data protection compliance through GDPRiS. Used by nearly 3000 schools, this simple, intuitive cloud-based platform is designed to support schools, academies and trusts in working towards GDPR compliance, reflecting the existing processes in schools whilst pro-actively prompting them to meet and exceed GDPR. With the depth of knowledge required from a

DPO in areas such as data security operations, breach management and the legal aspects of data handling, it’s not surprising that many schools may find the DPO responsibilities a challenge to deliver. Cantium’s external DPO service, DPOaaS,

provides schools with a dedicated, experienced DPO who can provide expert practical advice and guidance to help them address today’s compliance demands while they stay focused on core business activities. Get in touch with a member of Cantium’s team to arrange a free demo of GDPRiS.

u03000 411 115


June 2021

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54