Our schools need clearer guidelines on new data protection rules

An important resource or on brink of redundancy?
An important resource or on brink of redundancy?

You may have been sick of getting GDPR emails in your inbox, but for Sheffield schools the headache of data protection changes shows no signs of abating.

Many of us had no idea that the General Data Protection Regulations were looming on the horizon until the flurry of mail activity prior to the May 25 deadline.

There are lots of disagreements between how far schools have to go to ensure they are compliant with the new law

In schools, senior leadership teams may have had an awareness of the implications for their school, but this was only passed down to teaching staff at the last minute in many cases.

Several teachers I know still have very little clue what the new GDPR changes actually mean, which is worrying because parents – and in some cases children – can now flag up breaches which could potentially result in a sizable fine.

Some schools I have been in recently are fully aware of the impact on schools and they are implementing it to the very finest point of the legislation.

Every single photograph of children around school had been taken down when I went to attend a meeting, all lists with children’s names on had been removed and files containing data had been encrypted.

Other schools I have been in are lagging behind on the subject, not through an irreverence for the law but because they are smaller schools with less of a technical team and a genuine lack of understanding about what they need to do.

There are lots of grey areas, lots of disagreements between how far schools have to go to ensure they are compliant with the new law.

One secondary school I know has made it quite clear to staff that all names of children must be removed from lists that are publicly displayed and that even mark books should be kept securely at all times.

This is to cover eventualities such as photographs being taken of the pictures and lists by students – or even burglars – and later shared on social media.

Some people have legitimately questioned how far this rule should be enforced.

Does this mean that PE teachers can no longer pin up a team sheet for Saturday’s rugby match?

Or the information TV screens that are positioned around so many of our secondary schools these days, rotating screens of students who have achieved excellent results and showing the kids at the top of the effort rankings?

And what are your thoughts on seemingly innocent school procedures such as putting the name of primary school children next to their coat peg?

We’ve entered a minefield of educational data protection, and it’s not just the starkly obvious breaches we need to be aware of; we all know that if a teacher accidentally e-mailed a file containing sensitive information about illnesses and special needs to the wrong recipient then there’s potentially a problem.

But it’s the grey areas that need addressing, the extent to which we have to protect our classrooms and the level to which our files – and which files – need encrypting.

Because the truth is that many teachers still do not know all they should about enforcing the new GDPR changes.

I can log on to the school system at home on my personal laptop and gain access to all kinds of data on all the children in the school.

Am I allowed to do this? Am I allowed to print my class lists and seating plans? Can I place paper copies of these into my school planner?

Schools and teachers need to be told just how far these rule changes go, because they are currently affecting school life in different degrees.

We need to better informed both to make better decisions about keeping children safe, but also to ensure that we are not going to far in restricting the process of school life.

The different ways the GDPR change has been dealt with among our schools is something which needs addressing because sooner or later a headteacher is going to have a visit from a data protection officer and the meeting will not go well.