The clock is ticking: GDPR & the danger of paper documents
GDPR in schools
The General Data Protection Regulation (GDPR) will come into effect in May 2018 throughout the EU and will replace the UK’s current Data Protection Act. GDPR in schools will have a huge effect on the way they manage their data and the clock is ticking with only 3 months left until the deadline. Therefore, steps to prepare for the changes should be taken immediately.
Schools are organisations that rely on paper based systems for monitoring visitors, staff and student atttendance. Such systems are insecure and will be liable for heavy fines under the new rules. Turning to an electronic system will help schools comply with GDPR, ensure your data is secure and save you money from fines!
Consequences
The consequences of failing to comply with the GDPR are serious. Data protection regulators will have the powers to impose fines up to €20,000,000 or 4% of total annual turnover. This is an increase from £500,000 fine under the current Data Protection Act. Therefore, it has never been more important to put stringent procedures in place to manage your data in line with new regulations, and this includes GDPR in schools.
GDPR focus is often placed on cyber security threats and database vulnerabilities with paper documents and records being overlooked. However, such an oversight could be very dangerous in a few months time.
Below are some of the practical considerations that schools must take into consideration when continuing with paper based solutions.
Considerations
1. Can you find the information?
One of the key principles of GDPR is ‘the right to erasure’. Therefore, if an individual requests to be removed from your records where there is no ‘compelling reason for its continued processing’ then you must do so. However, do you know where this information is or if you still have it? Is it in on site or in storage? If you cannot physically find this information then how can you comply? All of this is time consuming and could be very costly.
2. How many copies are there?
One of the vulnerabilities of paper based systems is duplicate copies. A lot of organisations will take a photocopy as a back up just in case the original is lost or misplaced. However, what may seem like good practice could leave you in hot water when it comes to GDPR in schools. Unsecured copies of personal information maybe scattered all over the place and not disposed of properly which could lead to committing data breaches.
3. Data security
Security of data is another key area of GDPR and the security of paper documents could leave you vulnerable. If private documents were to get into the wrong hands then this could become a data breach. Transportation of documents always poses a risk as it only takes one mistake, like leaving them on a train or a car being stolen, for them to end up in the wrong hands.
4. Data privacy
Ensuring that noone else sees indirectly the personal data of another individual is also an important area not to be overlooked. A lot of focus is aimed at how to retain and store data but your actual process could get you in trouble. For example, if a visitor signs in via a book they will be able to see the personal details of all the other visitors that have signed in!
5. Managing retention records
Data records should only be retained for a certain amount of time, irrespective of format (paper, electronic or other). How do you manage the retention periods for your paper files? A lot of organisations will make a hard copy of their digital files. However, if you delete your electronic file, but the hard copy still exists, then you may in breach of GDPR regulations. For example, you may have deleted a file in accordance with a request from an individual to delete their personal data. However, if you do not delete the hard copy as well then you are still holding their personal information and be liable under GDPR!
Solution
What is the solution?
Moving away from paper to electronic management systems like CBSecurepass would remove the obstacles mentioned above along with the potential hefty fines with which they come. It puts you in complete control of your data and gives you immediate access to the files you need. Furthermore, your data is more secure as it is only accessible to those who have permission.
How does it work?
CBSecurepass is a school visitor management system which electronically captures and stores visitor information. Visitors sign in via a touch screen monitor rather than pen and paper. Staff also sign in electronically using permanent access cards. The system also has modules to store details on late arrivals and child collections. It will not only enhance your safeguarding but help alleviate your GDPR headache and save you from some potential big fines!