The appointment of a data protection officer is one of the more daunting requirements of the GDPR. The concept of the DPO has been around for a long time and a number of countries in the EU have had the requirement in place for a number of years, most notably Sweden and Germany. The GDPR now makes this appointment mandatory across the EU regardless of the size of the organisation, though there are other criteria that determine whether a DPO is required. Before we get into the criteria, I'll cut to the chase: schools will almost certainly need a DPO.
The thing about the GDPR is that it's not going away and it's not going to pass by silently on May 25th 2018. It's designed to make everyone sit up and take notice.
The truth is, current data protection action tends to be more reactive than proactive. The GDPR is designed to make the data controller, in this case schools, fully responsible for managing their students', staff's and parents' data and to actively prove they comply with the regulation.
Why use MySchool school management software to run your school? Let's take a look from a few different stakeholder perspectives and show you how MySchool can be the glue that helps bind the school community.
Communication through MySchool is powerful.
It's as simple as selecting a class, year or the entire school and clicking 'send' to deliver emails, questionnaires and SMS messages. You can also create custom groups of parents, staff, teachers and students in just a few clicks.
The GDPR defines personal data as:
"... any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"
Article 5 Principles relating to processing of personal data
To be clear, the 'data' element of 'personal data' refers to recorded information that is, or is intended to be, stored and processed electronically as part of a filing system.
Consent is not a new concept and has been a core part of data protection & privacy laws for decades. However, the GDPR raises the bar considerably on 'conditions for processing' personal data.
Simply put, 'consent' means obtaining clear permission to hold and process a person's data for a specific use. Although it is already required, practices such as 'opt out' have become commonplace, e.g. pre-ticked checkboxes to receive marketing material, making it more of an assumption of consent rather than explicit permission. The GDPR is far more explicit about what constitutes consent and aims to entirely remove this kind of deception.
Article 7 GDPR Conditions for consent
You may be wondering why we need new privacy laws. As it stands, data privacy laws vary from country to country within the EU, with little harmonisation. This causes confusion, reduces trust and ultimately undermines the effectiveness of data privacy laws. The GDPR is intended as a 'one-stop-shop' bringing with it a high level of alignment across the European Union. This of course also makes it far easier to administer and enforce.
The following are the key elements of the GDPR. We'll be going into the details of each one of these in future blog posts. If you're not already subscribed, you can get email alerts as soon as we publish new articles.
Like all tools, the real value comes not from what they can potentially do but from what you actually do with them. This is particularly true of school management software, which can bring significant efficiencies to school administration. The problem is that these systems generally have an overwhelming amount of functionality that can end up unused or, worse, completely misused, eroding the value of your investment.
We're particularly excited today to find out we've been chosen as a finalist for the 2016 MCA eBusiness awards, 'Best use of Technology in Business Transformation'.
Every year, the MCA eBusiness awards celebrate and acknowledge the best examples of web-based technology & innovation in Malta. The awards aim to encourage digital innovation and growth across the width and breadth of the country's industry and society.
There are many specialised words and terms associated with the General Data Protection Regulation (GDPR). These are the most common ones.
- Binding Corporate Rules (BCR): Corporate rules to allow multinational organisations such as multinational school networks to safely and legally transfer data internally (within the organisation) but across EU borders.
- Consent: Freely given, specific, informed and explicit consent by statement or action by the student, parent, staff member or any person signifying agreement to the processing of their personal data.
- Data Controller: This is the school. Determines the purposes, conditions and means of the processing of personal data.
What is GDPR?
The General Data Protection Regulation is the EU’s tough new privacy and data protection law designed to significantly strengthen all EU citizens' rights and security relating to the data you store about them. This includes students', staff's and parents' right to legal action against the school or ‘student information system’ supplier and the right to compensation regarding misuse of their personal data.