Will GDPR change the way the education sector operates?

The General Data Protection Regulation (GDPR) has been a hot topic in European media for a while, with talks on how this new legislation can impact different businesses across all sectors. However, although it’s one of the most dominant sectors in the world, education is sometimes left unaddressed. To find out more, we’ve teamed up with 2020 Vision, experts in IP CCTV systems and the security industry.

What is this piece of legislation?

To comprehend what impact this new piece of legislation can have on those operating in education, you need to have a clear understanding of what GDPR is. GDPR is set to strengthen data protection across Europe and will eventually replace the current Data Protection Act (DPA). It will be implemented on the 25th of May 2018. Even though the UK will soon leave the EU after the decision was made in the 2016 referendum, it’s likely that GDPR will be brought into British law by the government and enforced as if it was its own initiative to help unify data protection.

What the education sector needs to know:

Over the years, schools will have collected a strong portfolio of data on students from the past and present, as well as staff who have worked within the institution. More educational institutes acquire surveillance footage of what is happening on a daily basis through the necessary CCTV systems that they have in place. Whether it’s stored in a filing cabinet or backed up on an IT system, there’s a lot of data collected in schools and universities and this will eventually be impacted by the GDPR legislation.

Within the education sector, education centres already have a duty of care regarding the Data Protection Act (DPA) — meaning that all data stored should be protected with the greatest concern to prevent data breaches. Although this will still apply once GDPR has arrived, education practices will have a more intense responsibility of protecting data, no matter what the format is, to ensure that they comply with the new regulation.

Non-compliant organisations may find themselves paying hefty fines as a consequence for not protecting data in the correct manner outlined in this new framework. As schools will currently know, under the DPA, the non-compliance payment can reach a high of £500,000, which is enforced by the Information Commissioners Office. GDPR fines could lead up to £20 million or 4% of global turnover for both data controllers and processors.

Data Controller:

An education centre which decides how data is used.

Data Processor:

Someone who processes data on behalf of an education centre.

Around the subject of data processors, after 25th May 2018, it will become a criminal offence to choose one that doesn’t have the minimum capabilities for IT asset disposal. Education establishments will have to prove that they are working with a credible organisation when it comes to disposal of data.

In the education sector, it’s not mandatory for institutes to have a contract of agreement in place with their Data Processor. However, this is all set to change under the GDPR ruling. Next year, schools will have to have a contract or SLA (Service Level Agreement) in place with who they decide to work with — if this is not enforced, you will be breaking the law.

What the education sector can do about this problem:

Schools are already complying with the DPA, making it an easier process to make the appropriate changes for the introduction of GDPR. However, just because you’re complying with DPA doesn’t mean you’re complying with GDPR, and this will lead you to review and make some adjustments to your current policies.

According to the Information Commissioners Office, there a few steps that those working in education can take to ensure they are compliant. But the first step is awareness, and you need to make sure that people who handle any type of personal data are aware that DPA is changing to GDPR and they need to know about what they can and can’t do, whilst also understanding the consequences.

Education centres should look at who they are sharing data with, then conduct an information audit to see the reasons why. As children are usually involved, you need to put systems in place that will help verify a person’s age and then gather parental/guardian consent for any data processing activity that you might do.

Eventually, schools will want to remove data of former students from their system. To do this, you need to consider the students’ rights and this can determine how you delete data or provide data in an electronic format.

In the event of a significant data breach, there must be reasonable procedure methods in place to combat the issue and minimise the leak of data. All staff handling data should be aware of these procedures. It could be beneficial to appoint a Data Protection Officer who can take responsibility for data protection.

As GDPR is set to arrive on the 25th of May 2018, it’s vital that education centres start making the appropriate changes now.








How to do more to help parents

Have you observed any children who have:

  •  Relationship difficulties at home and in the nursery?
  • Anger management problems?
  • Attachment issues?
  • A lack of self-esteem & confidence?
  • Adjustment issues?
  • Suffered bereavement of a close relative?
  • Experience of domestic violence?
  • Signs of ADHD?

These are the eight top children’s emotional well-being problems.  If not detected and dealt with at an early stage, they are likely to develop into more serious conditions requiring therapy which in some cases may be for many years.

The good news is that if these problems are at an early stage and the degree of severity is only slight, you can coach the parent(s) in how to use play at home for only ten minutes a day to resolve them.

Help the children, help the parents, increase your income.

Just contact me at mokijep@majemail.com or phone 01825 761143 for a discussion.

Kind regards

Monika Jephcott

Chief Executive Play Therapy UK


Chief Inspector of Schools says everyone in education should help 

“…. In our schools it is our responsibility to tackle those who actively undermine fundamental British values or equalities law. That doesn’t just mean Ofsted, but everyone involved in education.”

Amanda Spielman, Chief Schools Inspector, told a Church of England education conference, January 2018

The Chief Schools Inspector used a speech to a Church of England education conference last month to warn schools that they should not assume that the “most conservative voices” of a particular faith group speak for everyone.

She argued, “rather than adopting a passive liberalism, that says ‘anything goes’ for fear of causing offence school leaders should be promoting a muscular liberalism.”

“Giving way to the loudest voices is the opposite of tolerance.”

Gresham’s KS2 & KS3 British Values Series is a range of books and posters to help leaders promote British Values with ‘muscular liberalism’.

Each book explains and promote a core British Values theme:

  • Democracy
  • The rule of law
  • Individual
  • Mutual respect and tolerance for those with different faiths and beliefs

With important concepts supported with discussion and written activities.



British Values starter bundles – everything you need to help promote British Values