How well do you understand your data flows? Do you know where your information is kept, and who has access to it? Do you know when to keep information, when to share it, and how to share it securely? Could you easily track down and collate all the information you hold about a member of your school community? All of these questions, and many more besides, will soon be asked of you by the new General Data Protection Regulations (GDPR).
GDPR is, at its heart, an updating of the original data protection principles to make them fit for a more integrated digital age. It is also a shift to ensure that you put the rights of the data owner – your learners and colleagues – at the heart of your data governance practices. Individuals will retain full rights over their personal data, and you must ensure that you only process that data in ways that are fair and lawful.
Good data governance really boils down to a series of simple questions, underpinned by well-known data principles. Are you open and honest with your learners about what information you collect about them, why you need it, and who will see it? Do you only use it for those purposes? Is it kept securely, and can people update or remove their details easily? Will you get remove it when you no longer have a valid reason to keep it? That openness and honesty should be at the centre of your school’s approach to data governance, helping to build a culture of mutual trust and respect.