Five top tips for strong data compliance in 2022
This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.
I know, possibly the most exciting article you’ll read this year. Ok so I admit that it’s not that exciting, but – as you have heard me say plenty of times – this stuff is important. It can also be time consuming and with data protection compliance it is often a matter of prioritising effectively to make the most of your finite time.
Let this article help you with that focus and ultimately save you time and money.
Tip 1: Embrace near misses
Once your heartrate is back to normal, take a step back and ask yourself “what can we learn from this near-breach experience to improve our practice?”
Near misses (and for that matter actual breaches) present a good opportunity to learn. What went wrong? What needs to change? How do we avoid it happening again? It’s very easy to thank your lucky stars and move on, but in doing so you are likely to be doomed to repeat the same mistake. Invest some time now in figuring out how to be better, put those changes in place and see the long-term benefit.
Tip 2: Lead from the top
Evidencing a strong culture of compliance is an important part of the DPO role. The best way to achieve it is to ensure you and your SLT lead from the top. How the leadership are perceived to fall in line with any compliance issue has a serious impact on how the rest of school staff will act. Strong and consistent leadership will send a clear message to more junior staff; a dismissive approach that suggests it all doesn’t matter will pretty much end your chances of creating a strong culture of compliance. So, start at the top.
Tip 3: Outcomes focussed training
The ICO expects organisations (including schools) to be able to measure the outcomes of data protection training. This means proving staff knowledge, not proving that they attended some training you put on during the inset day. So, make sure your staff training outcomes can be evidenced, that you then review that evidence to identify knowledge gaps and then plan how to plug those knowledge gaps to improve staff knowledge and data protection practice.
Tip 4: Learning walks
Learning walks should form part of your regular review of staff compliance – it’s one of the best ways to review everyday compliance and it doesn’t have to be a big job. All it requires is a wander around school with your eyes open to look out for key physical risks – screens left unlocked, USB sticks in use, personal data left lying around, cabinets unlocked and so on.
A quick learning walk will help you identify the areas of risk in your setting which you can then build into staff training and updating. Soon enough, those risks will be managed and reduced.
Tip 5: Consequences
This is a big one. In May this year we’ll be four years in to the GDPR regime. Is it time for there to be consequences for staff not completing data protection training and/or not doing what is required of them? Spoiler alert: it is. I’m suggesting we go straight to the ‘stick’; by all means use the carrot too. However, if there is no real consequence for a staff member not completing training or not complying with policy, then what is their motivator for complying? Perhaps it is now time to look at making these issues a disciplinary matter or, at the very least, a difficult conversation with the Headteacher. What would happen if we were talking about safeguarding and not data protection? I’m betting there would be consequences.
Bonus tip: Work together, don’t reinvent the wheel
You know me, I like to give you freebies where I can, so here’s a free tip – work together. Being a DPO can be a lonely job, so look to networks, forums and make connections with other DPOs in your area so you have a support network around you. That way you can share learning/documents/experiences and take those benefits back to your school. As part of that, don’t forget the DPO Peer to Peer Support Forum in the LASBM online community.
I’ll be expanding on these tips and providing some more at the LASBM East Conference on 9 February.
This article was first published by LASBM on 27 January 2022
Contact
Dai Durbridge
Partner
dai.durbridge@brownejacobson.com
+44 (0)330 045 2105
You may be interested in...
Legal Update
ICO consultation on accessing care records: A legal perspective
Legal Update
Cyber-attacks in UK universities: Why failing to prepare is no longer an option
Legal Update
Artificial intelligence – shaping a sustainable future
Opinion
School attendance matters
Press Release
Spring Budget 2024: Browne Jacobson reaction
Legal Update
Not quite a blanket ban on mobile phones in schools: DfE guidance insights
Legal Update - Shared Insights
Shared Insights: Sexual safety in the workplace — how leaders can help to create a sexual safety culture
Legal Update
Progress on the Automated Vehicles Bill
Legal Update
Data protection in higher education: what to expect in 2024
Legal Update
The rise of AI in construction
Legal Update
Government foreshadows significant savings for public bodies as part of data protection overhaul
Legal Update
ICO consultation on transparency in health and social care
Legal Update
How to mitigate risk in disputes arising from AI use in technology projects
Opinion
Monitoring workers – ICO guidance
Legal Update
ICO consultation on fertility tracking apps
Published Article
UK: Legal issues with deepfakes
Legal Update
New guidance for employers on subject access requests published by the ICO
Legal Update
Ali Round 2 - High Court gives further guidance on causation and quantum for data breaches
Press Release
Browne Jacobson welcomes former ICO lawyer to support growing UK&I data privacy and tech practice
Legal Update
Update on data protection claims - Austrian Post Case
Press Release
Browne Jacobson launches specialist Ascensus programme for in house lawyers and business leaders
Opinion
Mopping up after a leak – how businesses can take steps to protect their confidential information
Legal Update
Cyber security and data breaches
Legal Update
Update on the Digital Services Act (“DSA”) – Important Dates and Deadlines Looming
Legal Update
Government publishes its proposals for expanding the Scope of the Network and Information Systems Regulations 2018
Guide
FAQs - converting to academy status
Legal Update
Protecting children and their data in the online environment
Legal Update
Top three training topics 2022-23
As well as providing day-to-day support to help you focus on managing your settings, we also provide training and professional development on a range of topics to keep you and your staff up-to-date.
Press Release
Law firm picks up record breaking sixth Education Investor Award
Browne Jacobson’s education team has been named as winner of the ‘Legal Advisors to Education Institutions’ category at the Education Investor Awards 2022 for a record sixth time.
Press Release
Thousands take part in virtual careers event to help increase diversity in the legal profession
Over 3000 young people from across the UK and Ireland took part in a virtual legal careers insight event, aimed at making the legal profession more diverse.
Published Article
Bruce Willis AI and the problem with deepfakes
A deepfake of Bruce Willis is advertising Russian mobile phones. Many great artistic and metaphysical questions are raised by this performance. However, this article is going to look at the intellectual property law implications, from a UK perspective.
Legal Update
DSA approved: Targeted Advertising Rules explained
Legal Update
Economic crime and cybercrime
It is clear that the digital landscape, often termed cyberspace, is a man-made environment, in which human behaviour dominates and where technology both influences and aids our role in it — through the internet, telecoms and networked computer systems, which are often interdependent. The extent to which any organisation is potentially vulnerable to cyber-attack depends on how well these elements are aligned.
Legal Update
Browne Jacobson’s market leading Education expertise recognised again in latest Legal 500 rankings
The new set of Legal 500 directory rankings have been published and we are proud to once again be recognised as one of the country’s leading firms advising the Education sector.
Legal Update
Data reform in the UK
Since the UK left the EU and are now able to move away from the EU data protection regime, the UK government have implemented a national data strategy with the aim of reducing the burden on organisations but maintaining a high data protection standard.
Legal Update
Are local authority companies subject to the Freedom of Information Act 2000?
In this article we look at local authority companies and whether they are subject to the Freedom of Information Act 2000. And for those that are, what information are they legally obliged to submit.
Legal Update
Digital Markets Act and Data Platforms - FRANDs for life?
The Digital Markets Act (the “DMA”) joins the dots between competition law and data protection law and actively targets data-driven platforms. It is also a comprehensive regulation to take note of, with familiar GDPR-style fines tied to turnover.
Legal Update
Avoiding the pitfalls of WhatsApp
The use of social media platforms and applications can have overwhelmingly positive benefits for public bodies. However, regulatory action recently taken by the Information Commissioner, has highlighted various pitfalls that public bodies should seek to avoid if allowing staff to use social media as a communication tool.
Legal Update
ICO consultation on research provisions guidance
The data protection legislation (namely, the UK GDPR and Data Protection Act 2018) contain various provisions that deal with the processing of personal data for research purposes.
Press Release
Browne Jacobson’s C-suite exec level coaching team appoints two new education specialists
National law firm Browne Jacobson has grown its team behind its dedicated Space + Time executive coaching programme with the addition of two more qualified coaches who will work with clients in the education sector.