1. Don’t forget to keep discussing data protection at all levels
The launch of GDPR was treated very seriously in every school we know. But it’s really important that it wasn’t seen as a one-off. Schools need to show that they are regularly reflecting on why they are using and storing particular types of data. We’ve found that regularly engaging governors or trustees as well as senior management and teachers in updating policies means that they are clear, understood and followed.
2. Educate teachers
Many of the biggest GDPR issues in schools come from the natural enthusiasm of teachers to use new technology and to use existing technology in innovative ways. In particular they need to report any new apps or online tools that store student or teacher data – with the rise of ‘free’ tools this can often happen without anyone in the school office knowing, let alone the Data Protection Officer (DPO).
3. Update consent forms each time you send them out
A number of schools send out consent forms annually, and then realise later that they need to make changes (even to cover simple things like the school using different social media). Have the conversation about the form several months before you sent it out to avoid unnecessary work and delay.
4. Remember that there are still six legal grounds for using data
Some schools took GDPR to mean that they needed consent for any use of data. However, there are five other reasons why schools can legitimately use data which you can read more about here. There are ‘urban myths’ travelling around the education systems such as the school that supposedly took down photographs of children with serious medical conditions from the staffroom for ‘GDPR reasons’ – make sure to check their validity before acting on them in your school as the consequences could be extremely serious.
5. Focus on whether people want communications rather than how many contacts you have
Whether it be numbers receiving your school’s newsletter or social media followers, before GDPR the focus was often simply on how many people you were in touch with. But post-GDPR it makes sense to allow those not interested in your school to unsubscribe from any updates you put out so the focus can now be on making sure that the right people get high quality, relevant and timely information.
6. Use your Data Protection Officer proactively, rather than waiting for a crisis
Schools that get DPOs to talk to staff regularly have seen real benefits – they can address misconceptions and myths as well as reinforcing the importance of personal data protection (which has been estimated to lead to 80% of GDPR breaches). Make sure to allow time for questions – and follow up any that are not answered in the session.
7. Tell people how data capture (and video capture) improves teaching and learning
Data protection can be seen as a dry issue. But if you’re capturing and using data that’s hopefully because it’s serving a useful purpose. We’ve worked with schools to share the benefits of using video-based coaching, an area that could be controversial, but which has been well received by parents. You can see our case studies here and evidence that video does work on the evidence and resources page.
Please note that the advice above is based on best practice we’ve seen but schools and trusts are responsible for their own GDPR decisions. For the latest advice from the Government you can find the latest data protection toolkit on the official website.
To find out more about how ONVU Learning can help your school improve its teaching and learning using our innovative teacher training and development solution called Lessonvu, please get in touch with our team now.