11. Training

Training and awareness is key element of building a culture of privacy. All members of staff need to be aware of the GDPR, its impact on the school and how it impacts on their day-to-day activities.

Template documentation is included in the full GDPR pack for those who choose to purchase it.

Our other tutorials have looked in detail at the changes Schools need to make to be GDPR ready. Many of these might seem technical and legalistic, although we hope that we have removed some of the mystery for you.

You can spend a lot of time and effort on updating your existing policies and procedures to be GDPR ready. You will also need to allocate time and effort for awareness and training.  First raising awareness with all of your stakeholders so they can support you in producing the revised documents. Secondly you will need to train people about the your finalised data protection policies and procedures.

Many of the data protection issues that occur in any organisation occur because of the human element. Some examples include not identifying a person before sharing personal data, human error causing a data breach and then failing to report the data breach or not appreciating that a person is making an access request.

A training presentation is included in our documentation set. This should be given to all staff, both teaching and administration plus the Board of Governors. We have also recommended in our plan that additional training time is allocated for some key groups

  • Frontline staff – the receptionists, school secretary and administration staff who deal with parents and other members of the public. You need to make sure that are trained to identify people who want to exercise their rights under the GDPR or report data breaches. Early identification and intervention and following procedures are the most effective ways to reduce the work dealing with such requests and incidents.
  • Security staff – people often overlook the people responsible for physical security, these could be the caretakers and other staff who ensure only appropriate people enter school grounds and buildings and lock-up school when everyone is gone
  • Staff responsible for sensitive data – people who have responsibility for very sensitive data need to receive training to ensure they are clear about what they must do. Only people who need to know should have access to data such as child protection issues and guidance counselling.

Lastly, make sure to keep records of all the various types of awareness raising and training, whether formal or otherwise. This should include who attended and what the training covered. Remember the GDPR requires that you can demonstrate you fulfilled your obligations.

Previous Tutorial Next Tutorial

£395.00Add to cart

Home

View

1. Mobilisation & Awareness

View

2. Record of Processing Activity

View

3. Lawful Basis for Processing

View

4. Consent

View

5. Children

View

6. Communicating Private Information

View

7. Rights of the Individual

View

8. Breaches

View

9. Design & Default

View

10. DPO

View

12. Sharing of Data

View

What's in the Schools GDPR pack?

Find out how Schools GDPR helps you