GDPR: What does this mean for DSPL2?
The law relating to data protection changed on 25 May 2018 and so DSPL2 is committed to ensure that they are compliant with the new legislation. This overview provides a brief introduction to the key changes stakeholders need to be aware of.
What is the change to the law?
From May 2018, the DPA 1998 will be replaced by the General Data Protection Regulation which is often referred to as the “GDPR”. Although many of the principles will remain the same as the DPA 1998, there will be some changes that will affect schools, local authorities, companies and businesses.
Why is the law being changed?
Since the DPA 1998 became law, there have been a lot of changes to information technology and the way in which individuals and organisations share information.
Why do schools need to respond to this?
Schools and trusts have to comply with the DPA 1998 at the moment and the GDPR will applies to all sectors when it comes into force.
Schools process a lot of personal data relating to pupils and staff in order to carry out their functions. They also acquire personal data relating to other people including, for example, pupils, members of the local community and suppliers. DSPL2 will ensure that we handle personal data correctly and securely.
What are the key changes that will affect DSPL2?
In general terms, the GDPR places more emphasis on transparency, accountability and record keeping. Therefore, DSPL2 has reviewed our current procedures to ensure that we meet the higher standards set out in the GDPR.
DSPL2 is committed to you complying with the GDPR principles, by implementing “…comprehensive but proportionate governance measures” to meet this accountability requirement. DSPL2 has implemented technical and organisational measures to show that we have integrated data protection into our processing activities.
DSPL2 already has privacy notices in place as a matter of good practice. However, the privacy notices are now even more important tool to demonstrate transparency and it now contains more information to let settings know how we will use this personal data.
As well as the privacy notices, we will identify appropriate opportunities to ensure that we are being transparent with people about what we are doing with personal data. For example, if we are collecting personal data on a form, we will tell people, in simple terms, what we will be doing with the personal data.
Please note: Given that some of the guidance on the GDPR is still being drafted, there may be some further information and detail which is published by the ICO in the coming months which could have implications for schools and the steps we need to take to comply with the law.