The education community recognizes that ensuring data protection compliance is critical to protecting the privacy and rights of students, faculty, and staff. As new and innovative technologies continue to be adopted in this field, it is important to keep data protection top of mind.
In collaboration with managed IT services specialist Cantium, we have supported schools and multi-academy trusts (MATs) to ensure they remain data protection compliant while continuing their digital transformation journey. Some schools have staff with technology or compliance backgrounds, while others are in very unfamiliar territory, but the single thread that ties schools’ success together is having a culture of continuous improvement.
When schools focus on improving processes and overall performance and encourage continuous reflection, learning, and adaptation, a culture of continuous improvement is fostered. We know this because schools consider data protection to be very important and have robust practices in place to support it.
Factors such as workload, time, and budget constraints prevent schools from adopting this culture and are often stuck in a “solve the problem at hand” mindset.
In busy environments, we often see people working very quickly, feeling the need to quickly move on to the next task, but we often wonder how costly mistakes made in these moments of haste can be. I’ve seen that there may be one.
Given the amount of data, sensitivity, and speed of work expected of schools, we can completely relate. We’ve found that the best way to break through these barriers and achieve cultural change while balancing workloads is to take data protection back to basics.
Learn from mistakes – If your school or MAT has been the victim of a data breach, take the time to assess what happened. To pinpoint exactly where the mistake happened, ask why that mistake could have happened, and find out what you learned from working this way so that it doesn’t happen again. List the actions you are about to perform.
Next, focus on prevention – Displaying information about the importance of data protection around the school can save time by using things like posters and screensavers to remind people to check before they send an email or think before they click. It helps change the culture over time. We use newsletters, workshops, and other channels to communicate with our school community about the importance of data protection and keep everyone informed about the policies and practices in place. You’ll see a subtle shift in people’s mindsets, with data protection becoming a top priority and common practice.
Supporting new entrants – The best time to engage staff in data protection is when they join your school. Making it clear that data protection is a key point on the agenda will go a long way in fostering a culture of continuous improvement. New hires may find that they have not been very data protection conscious in the past, but your approach will help them focus on data protection.
Provide ongoing support to all staff – Refresher training must be provided to all staff at timely intervals. Keep sessions bite-sized to ensure participants stay focused and easily fit training into your schedule. Don’t give people excuses to avoid data protection education, support them and enable them to learn. The Data Protection Officer (DPO) also oversees compliance with data protection laws and serves as the point of contact for any data protection concerns.
Cultural change is not a one-time event but an ongoing process that requires ongoing commitment and effort from all levels of the school. However, by implementing the measures above, schools can create a culture where data protection and privacy are always a priority, fostering a safe and secure environment for students and staff.
Written by Adam Halsey, External Data Protection Officer, and Stacy Williams, Head of Risk and Compliance, Invicta Law.