8. Breaches

Template documentation is included in the full GDPR pack for those who choose to purchase it.

Most Schools will already have a procedure for dealing with incidents where personal data gets to an unintended third party. Schools GDPR includes a template breach procedure including the revised requirements of the GDPR. The procedure covers de

It is essential that Schools have trained all staff and volunteers to recognise a data breach. Early identification and a process that takes early action are essential to ensure that the data is retrieved and any damage limited. Examples of data breaches are letters sent to the wrong address, emails sent to the wrong recipients, lost/stolen school computers and documents that are misplaced.

There are several other actions for Schools to take:

  • Introduce an internal breach register
  • Establish a process for closing the data breach; usually this requires a quick reaction, which is where a well-defined process really helps
  • Have a template report to gather the required information to assist with decision making and reporting
  • Develop a defined decision-making process to help determine whether the breach must be reported to the ICO. The GDPR gives data controllers a 72-hour deadline for informing the ICO unless the School decides there is no risk to the rights and freedoms of the data subjects. Remember that the 72 hours is not working time; it starts once the data controller becomes aware
  • Have appropriate template letters that can be updated for the situation in hand and issued to those affected, whether they are data subjects or those that received the data by mistake. These should be issued without undue delay.

There is a lot of talk about the GDPR bringing in big fines for data controllers. However, it also permits data subjects to receive damages for distress. This is likely to have a real impact for data controllers with money being paid out. So it is vital that Schools strive to meet their obligations for breaches so that both ICO fines and data subject claims for damages can be reduced where possible.
