Vertical Markets

GDPR and schools

by Mark Rowe

How ready are you for the incoming EU General Data Protection Regulation (GDPR), that is due to become the new data protection law on May 25? According to a survey for an IP network installer, few schools, colleges and universities believe their data protection policies are up to scratch in the run up to GDPR deadline.

Only 22pc of schools, colleges and universities of the 500 surveyed felt their data protection policies were compliant. Most, 70pc said that if they fell foul to a data breach, they wouldn’t be able to evidence that the correct procedures were in place. The survey was by NW Security Group, asking head teachers, governors, IT, security and facility managers in the north west of England to determine their awareness levels of, and adherence to, the GDPR.

Most, 64pc are aware of the GDPR but require further information on its impact. One in ten, 11pc of schools, colleges and universities have experienced a data breach and did not inform the data protection regulator, the Information Commissioner’s Office (ICO). If made aware of a data breach, 14pc of respondents would ignore the issue and hope the problem resolves itself. Three in ten, 31pc of respondents don’t believe their employees and contractors are adequately trained in data protection.

The survey also found that only 16pc of educational institutions had fallen victim to a data breach, despite a rapid increase in attacks in recent times targeted at the sector. This seemingly low figure, in contrast to wider industry trends, might be explained by respondents struggling to identify what actually constitutes a data breach, the firm suggests. Besides a cyber-attack, a data breach could include: emailing data to the wrong recipient; openly discussing Personally Identifiable Information (PII); leaving hard-copy materials in plain view; or loss or theft of unencrypted data. These could all lead to the loss of PII and are breaches of GDPR, the security firm adds.

Nigel Peers, Security and Risk Management Consultant at NW Security Group, pictured, says: “These findings are concerning, especially considering GDPR’s imminent deadline. This is putting educational facilities at great risk of severe fines and reputational damage. There appears to still be a large amount of confusion regarding the regulations, and with 64pc of those who’d heard of the GDPR still requiring further information, it is clear more work is needed to propel educational facilities towards full compliance.

“Employees are a school, college or university’s first line of defence and if they are unable to identify what a data breach is, the likelihood of achieving GDPR compliance is dramatically reduced. That is why it was concerning to learn that, according to our survey, 31pc of respondents didn’t believe their employees and contractors were adequately trained in data protection.”

NW Security Group reports that when doing Organisational Readiness Assessments for education sector customers on GDPR compliance, although many believed their processes were up to scratch, the reality was somewhat different. Outdated policies and a lack of documentation were frequent failings indicating low levels of GDPR compliance in the education sector, the firm says.

NW Security Group’s latest white paper: The GDPR: Is your school, college or university compliant? is online at https://www.nwsystemsgroup.com/gdpr-education-compliant.

Separately, the Independent Schools’ Bursars Association (ISBA) has published GDPR guidance in its members’ magazine The Bursar’s Review.

Related News

  • Vertical Markets

    Pinkerton in Swedish buy

    by Mark Rowe

    Pinkerton, the US-based corporate risk management, security consulting and investigations firm, has entered the Swedish market with the strategic acquisition of risk…

  • Vertical Markets

    LP date

    by Mark Rowe

    October 2 in London sees BRC Retail Crime and Loss Prevention 2014, the British Retail Consortium’s annual conference. Visit www.retailcrimeconference.com. Phillip Hagon,…

  • Vertical Markets

    Wulfrun contract

    by Mark Rowe

    London Cambridge properties (LCP), which manages the Wulfrun Shopping Centre, has chosen Axis Security to provide manned guarding services to the city…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing