Five top tips for strong data compliance in 2022
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
I know, possibly the most exciting article you’ll read this year. Ok so I admit that it’s not that exciting, but – as you have heard me say plenty of times – this stuff is important. It can also be time consuming and with data protection compliance it is often a matter of prioritising effectively to make the most of your finite time.
Let this article help you with that focus and ultimately save you time and money.
Tip 1: Embrace near misses
Once your heartrate is back to normal, take a step back and ask yourself “what can we learn from this near-breach experience to improve our practice?”
Near misses (and for that matter actual breaches) present a good opportunity to learn. What went wrong? What needs to change? How do we avoid it happening again? It’s very easy to thank your lucky stars and move on, but in doing so you are likely to be doomed to repeat the same mistake. Invest some time now in figuring out how to be better, put those changes in place and see the long-term benefit.
Tip 2: Lead from the top
Evidencing a strong culture of compliance is an important part of the DPO role. The best way to achieve it is to ensure you and your SLT lead from the top. How the leadership are perceived to fall in line with any compliance issue has a serious impact on how the rest of school staff will act. Strong and consistent leadership will send a clear message to more junior staff; a dismissive approach that suggests it all doesn’t matter will pretty much end your chances of creating a strong culture of compliance. So, start at the top.
Tip 3: Outcomes focussed training
The ICO expects organisations (including schools) to be able to measure the outcomes of data protection training. This means proving staff knowledge, not proving that they attended some training you put on during the inset day. So, make sure your staff training outcomes can be evidenced, that you then review that evidence to identify knowledge gaps and then plan how to plug those knowledge gaps to improve staff knowledge and data protection practice.
Tip 4: Learning walks
Learning walks should form part of your regular review of staff compliance – it’s one of the best ways to review everyday compliance and it doesn’t have to be a big job. All it requires is a wander around school with your eyes open to look out for key physical risks – screens left unlocked, USB sticks in use, personal data left lying around, cabinets unlocked and so on.
A quick learning walk will help you identify the areas of risk in your setting which you can then build into staff training and updating. Soon enough, those risks will be managed and reduced.
Tip 5: Consequences
This is a big one. In May this year we’ll be four years in to the GDPR regime. Is it time for there to be consequences for staff not completing data protection training and/or not doing what is required of them? Spoiler alert: it is. I’m suggesting we go straight to the ‘stick’; by all means use the carrot too. However, if there is no real consequence for a staff member not completing training or not complying with policy, then what is their motivator for complying? Perhaps it is now time to look at making these issues a disciplinary matter or, at the very least, a difficult conversation with the Headteacher. What would happen if we were talking about safeguarding and not data protection? I’m betting there would be consequences.
Bonus tip: Work together, don’t reinvent the wheel
You know me, I like to give you freebies where I can, so here’s a free tip – work together. Being a DPO can be a lonely job, so look to networks, forums and make connections with other DPOs in your area so you have a support network around you. That way you can share learning/documents/experiences and take those benefits back to your school. As part of that, don’t forget the DPO Peer to Peer Support Forum in the LASBM online community.
I’ll be expanding on these tips and providing some more at the LASBM East Conference on 9 February.
This article was first published by LASBM on 27 January 2022
Contact
Dai Durbridge
Partner
dai.durbridge@brownejacobson.com
+44 (0)330 045 2105
You may be interested in...
Online Event
Shared Insights: Data and Information Governance Issues
Legal Update
Update on data protection claims - Austrian Post Case
Press Release
Browne Jacobson launches specialist Ascensus programme for in house lawyers and business leaders
Opinion
Mopping up after a leak – how businesses can take steps to protect their confidential information
Legal Update
Cyber security and data breaches
Legal Update
Update on the Digital Services Act (“DSA”) – Important Dates and Deadlines Looming
Legal Update
Government publishes its proposals for expanding the Scope of the Network and Information Systems Regulations 2018
Guide
FAQs - converting to academy status
Legal Update
Protecting children and their data in the online environment
Legal Update
Top three training topics 2022-23
As well as providing day-to-day support to help you focus on managing your settings, we also provide training and professional development on a range of topics to keep you and your staff up-to-date.
Press Release
Law firm picks up record breaking sixth Education Investor Award
Browne Jacobson’s education team has been named as winner of the ‘Legal Advisors to Education Institutions’ category at the Education Investor Awards 2022 for a record sixth time.
Press Release
Thousands take part in virtual careers event to help increase diversity in the legal profession
Over 3000 young people from across the UK and Ireland took part in a virtual legal careers insight event, aimed at making the legal profession more diverse.
Published Article
Bruce Willis AI and the problem with deepfakes
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
Legal Update
DSA approved: Targeted Advertising Rules explained
Legal Update
Economic crime and cybercrime
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
Legal Update
Browne Jacobson’s market leading Education expertise recognised again in latest Legal 500 rankings
The new set of Legal 500 directory rankings have been published and we are proud to once again be recognised as one of the country’s leading firms advising the Education sector.
Legal Update
Data reform in the UK
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
Legal Update
Are local authority companies subject to the Freedom of Information Act 2000?
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
Legal Update
Digital Markets Act and Data Platforms - FRANDs for life?
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
Legal Update
Avoiding the pitfalls of WhatsApp
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
Legal Update
ICO consultation on research provisions guidance
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
Press Release
Browne Jacobson’s C-suite exec level coaching team appoints two new education specialists
National law firm Browne Jacobson has grown its team behind its dedicated Space + Time executive coaching programme with the addition of two more qualified coaches who will work with clients in the education sector.
Legal Update
More good news for data controllers: High Court finds local authority not vicariously liable for the actions of social worker who went off on a "frolic of her own"
Public bodies will be pleased to hear that another significant court decision (Ali v Luton Borough Council [2022] EWHC 132 (QB)) has been made that is favourable to data controllers.
Published Article
Five top tips for strong data compliance in 2022
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
Legal Update
Stemming the tide of data breach claims: good news for data controllers
The cases summarised give considerable comfort to data controllers seeking to defend themselves against claims that relate to breaches arising as a result of a failure rather than a direct act and/or are based on assertions of damage or distress that are exaggerated, unsubstantiated or bear little relation to the breach itself.
Press Release
Reaction: Supreme Court rules in favour of Google
The Supreme Court has unanimously overturned the Court of Appeal’s 2019 decision in the case Lloyd (Respondent) v Google LLC (Appellant) which allowed the claimant, Mr Lloyd, to serve a representative action on Google on behalf of over four million iPhone users who were seeking damages for ‘loss of control’ of personal data.
Press Release
Browne Jacobson hosts UK’s largest virtual legal careers event to boost access to careers in law
Tomorrow, (Wednesday 27th October), national law firm Browne Jacobson will host its second FAIRE: virtual work experience and legal careers insight event, in partnership with Young Professionals.
Legal Update
What are the requirements of cookie law
Cookies and similar technologies are a useful and often necessary tool for online businesses, but their use is governed by both the Privacy and Electronic Communications Regulations (PECR) and the GDPR.
Press Release
New benchmarking service now available to guide the remuneration of school trust executive teams
The Confederation of School Trusts (CST), as the sector body for School Trusts, today releases a salary benchmarking service for executive roles in School Trusts, in conjunction with partners XpertHR, Cendex and Browne Jacobson.
Legal Update
Steps to take following a data breach: reporting, criminal charges and injunctions
Student and staff files will be full of personal data, much of which may be particularly sensitive such as health information (known under the data protection legislation as “special category” data).
Published Article
Confidential information and subject access disclosure
In February 2021, the High Court handed down judgment London Borough of Lambeth v AM (No. 2) [2021] EWHC 186 (QB), in which Browne Jacobson LLP acted for the Claimant Council. The judgment is critical reading for public bodies who are required to take action to restrict the use of confidential information in circumstances where that information has been inadvertently disclosed to a third-party.
Legal Update
Lloyd v Google – what next?
The Supreme Court’s pending decision could potentially open the floodgates for data privacy litigation going forward.
Training
Claims club - 16 June 2021
Watch our on-demand video for our popular Claims Club where we discussed the risk of data sharing, risks in a changing climate, highway claims and what we can see on the horizon.
Legal Update
Exam appeals guidance released
The Joint Council for Qualifications (JCQ) this week published the appeals guidance for grades awarded this summer.
Legal Update
Preparing to award teacher assessed grades
Schools will now be tasked with reading a vast amount of information to get themselves ready to provide teacher-assessed grades (TAGs) for students following the recent publication of the suite of Joint Council Qualifications (JCQ).
Legal Update
Everyone’s Invited – Ofsted to review safeguarding policies
Ofsted has announced that it will begin an immediate review of school safeguarding policies. It is now time that you take steps to ensure your policies and procedures are up to date.
Legal Update
Grades without exams - FAQs
In the absence of exams, the Department for Education (DfE) and Ofqual have confirmed that the 2021 GCSE, AS and A level and vocational and technical qualification grades will be determined by centre assessment.
Legal Update
‘Everyone’s Invited’ - managing reports of child-on-child assault and harassment
The ‘Everyone’s Invited’ movement has over 9,000 testimonies on its website and, whilst it has recently taken the step to anonymise everything on the platform, a number of schools have been named.
Legal Update
Laptops and lifelines
Training
Rising to the challenge: Digital transformation in schools - Part 2
Catch up for part 2 of our education training videos, exploring the role of digital transformation on our education system.