Delegates at the annual conference of the ATL section of the National Education Union (NEU), which met in Liverpool last week, heard how teachers are ill-prepared for the General Data Protection Regulation (GDPR), a reform that is enforceable from May 25.
The new regulations are designed to stop firms and other organisations from using people’s data without their consent, but schools could face punishing fines if they fall foul of the regulations.
Tamsin Palau-Honeybourne, a secondary teacher from the Surrey branch of the NEU, said she had already had case work with teachers who could be in breach of the new data protection laws.
Speaking to delegates, she asked: “Do you ever use a USB key to take information about pupils home from school? Do you ever finish off your reports at home?
“Have you got discs or devices used in the past hanging round at home with old reports on, with old registers?
“Anything related to the personal data around children – you shouldn’t have this. You need to get rid of it, you need to get rid of it safely.”
In addition, if teachers had personal information from their old school on a device that they used at their new school, they were committing an offence, Ms Palau-Honeybourne said.
“Anything relating to personal information about children – it needs to be in school and it needs to be password-protected.”
Jeff Fair, a teacher in Essex, criticised the Department for Education for failing to provide simple, clear guidance for schools on how to prepare for GDPR.
“(Searching the DfE website) I managed to find a six-minute talking head video advising schools to ‘map their data eco-system’ and ‘chart their dataflow’,” he said. “I could find no advice for schools as to how they should actually implement the policy.”
The conference also heard that many schools were sending delegates to private GDPR training programmes in order to get better information, and estimated that a total of £4 million of public money may have been spent on such courses.
The conference unanimously backed a motion urging the DfE to publish succinct advice, and to guarantee access to supplementary funding, where necessary, for training and implementation.
A DfE spokeswoman said it was supporting schools through a series of blogs, a YouTube video, and through speaking engagements in schools.
“We are working with a number of schools and other sector representatives to develop further guidance and case studies to help schools prepare for the introduction of the upcoming legislation,” she added.
Further reading
- General Data Protection Regulation: Evolution or Revolution for Schools? The DfE Teaching Blog, October 2017: http://bit.ly/2j0ufHa
- Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now, Information Commissioner’s Office: http://bit.ly/2ymWk0k
- You can read SecEd’s archive of updates and advice on GDPR via www.sec-ed.co.uk/search/gdpr/
- Further education-specific information from the ICO is available at https://ico.org.uk/for-organisations/education/ & https://ico.org.uk/for-organisations/education/education-gdpr-faqs/