More than three quarters of North East schools are unaware of and unprepared for new data protection regulations coming into force next year, according to a new survey by a Newcastle IT firm.
Calibre Secured Networks undertook the research through SCHOOLS NorthEast, the North East’s regional network, to gauge how ready school business managers are for the General Data Protection Regulation (GDPR).
The regulation will strengthen and unify the safety and security of the information held by schools, replacing the Data Protection Act of 1998, which gives individuals control over what information is held on them by organisations. Failure to comply could see eye-watering fines of up to €20 million (or 4% of turnover – whichever is greater) for both the data controller and anyone else involved in the chain.
The survey, which followed the recent School Business Management Conference, revealed that only 24% of people were both aware of and prepared for GDPR. 23% of those questioned had not heard of GDPR. Of those who are aware, more than half (53%) said that they were unprepared for the forthcoming changes.
It’s evident that dozens of schools across the North East are not ready for the changes, said Calibre’s managing director Karen Nelson, and need to start planning their approach to compliance sooner rather than later.
She said: “It’s important that those involved are not only made aware of but also understand the changes and embrace them fully. It will be incumbent upon those responsible for education IT to make sure that personal data is reasonably protected and an individual’s privacy secured.”
Finding a suitable partner who can help manage data in a safe, secure and compliant way will be important in moving forward. Under GDPR it will be illegal not to have a formal contract or Service Level Agreement (SLA) in place with suppliers. Moreover, it will not necessarily follow that organisations will be automatically compliant if current practices are in line with the DPA.
Karen Nelson advises schools to consider an IT partner that has relevant sector experience and holds relevant accreditations such as ISO 27001 and credentials.
“There’s little doubt that the advent of GDPR will have an impact and the clock is now ticking when it comes to action,” she said.
“Leadership needs to be thinking about how it will impact and find the resources that will help them leverage the technologies to be ready next May.”