Almost one year on from the introduction of new data protection laws, more than half of UK schools and colleges reveal they are not fully compliant. In a recent survey from edtech giant RM Learning and Trend Micro, 14% of respondents also admitted to not having a clear plan to become compliant with the GDPR (General Data Protection Regulation).
On the plus side, over 80% said that they had taken steps towards becoming compliant, mostly in the form of updating policies, training staff, appointing a DPO (data protection officer) or carrying out a data audit. Despite this, 46% cited a lack of security awareness as one of the biggest challenges in complying with data protection regulations.
Mandatory breach recording and reporting
The GDPR expects organisations to record all data breaches and, in some circumstances, report these to the ICO (Information Commissioner’s Office) within 72 hours of becoming aware. Worryingly, 29% of those surveyed said they did not have a formal breach response process in place, putting them at risk of serious non-compliance, should a breach occur.
Beware the inside threat
75% of schools and colleges regard their staff as the biggest threat to data, with cyber criminals seen as a bigger threat in just 19% of organisations. Careless staff can be just as big a threat as a malicious insider – awareness and training play a key role in protecting the sensitive data educational institutions hold.
Easy steps to reduce the risks and demonstrate GDPR compliance
For schools and colleges, the good news is that the risks highlighted in this survey can be reduced in a simple and cost-effective manner. As the survey suggests, human error is one of the biggest risks to data security. Losing data or sending it to the wrong people top the list of data breach causes across all sectors, and cyber criminals see busy staff as easy targets for scams like phishing. Staff training can significantly reduce these risks.
Train staff with e-learning from IT Governance
Our e-learning modules cover the GDPR, cyber security, appropriate use of Cc and Bcc in emails and how to spot phishing scams.
Demonstrate compliance with GDPR.co.uk
The GDPR.co.uk platform includes a data breach recording functionality that can report breaches directly to the ICO, DSAR (data subject access request) recording, staff GDPR training, and data and supplier mapping functionality – all the elements required to demonstrate GDPR compliance.
We offer a 10% discount on all our products and services to ASCL and COBIS member schools.