Skip to main content

Five top tips for strong data compliance in 2022

This article has five excellent top tips for strong data compliance in 2022, including; embracing near misses, leading from the top, outcomes-focused training, learning walks, consequences.

31 January 2022

I know, possibly the most exciting article you’ll read this year. Ok so I admit that it’s not that exciting, but – as you have heard me say plenty of times – this stuff is important. It can also be time consuming and with data protection compliance it is often a matter of prioritising effectively to make the most of your finite time.

Let this article help you with that focus and ultimately save you time and money.

Tip 1: Embrace near misses

Once your heartrate is back to normal, take a step back and ask yourself “what can we learn from this near-breach experience to improve our practice?”

Near misses (and for that matter actual breaches) present a good opportunity to learn. What went wrong? What needs to change? How do we avoid it happening again? It’s very easy to thank your lucky stars and move on, but in doing so you are likely to be doomed to repeat the same mistake. Invest some time now in figuring out how to be better, put those changes in place and see the long-term benefit.

Tip 2: Lead from the top

Evidencing a strong culture of compliance is an important part of the DPO role. The best way to achieve it is to ensure you and your SLT lead from the top. How the leadership are perceived to fall in line with any compliance issue has a serious impact on how the rest of school staff will act. Strong and consistent leadership will send a clear message to more junior staff; a dismissive approach that suggests it all doesn’t matter will pretty much end your chances of creating a strong culture of compliance. So, start at the top.

Tip 3: Outcomes focussed training

The ICO expects organisations (including schools) to be able to measure the outcomes of data protection training. This means proving staff knowledge, not proving that they attended some training you put on during the inset day. So, make sure your staff training outcomes can be evidenced, that you then review that evidence to identify knowledge gaps and then plan how to plug those knowledge gaps to improve staff knowledge and data protection practice.

Tip 4: Learning walks

Learning walks should form part of your regular review of staff compliance – it’s one of the best ways to review everyday compliance and it doesn’t have to be a big job. All it requires is a wander around school with your eyes open to look out for key physical risks – screens left unlocked, USB sticks in use, personal data left lying around, cabinets unlocked and so on.

A quick learning walk will help you identify the areas of risk in your setting which you can then build into staff training and updating. Soon enough, those risks will be managed and reduced.

Tip 5: Consequences

This is a big one. In May this year we’ll be four years in to the GDPR regime. Is it time for there to be consequences for staff not completing data protection training and/or not doing what is required of them? Spoiler alert: it is. I’m suggesting we go straight to the ‘stick’; by all means use the carrot too. However, if there is no real consequence for a staff member not completing training or not complying with policy, then what is their motivator for complying? Perhaps it is now time to look at making these issues a disciplinary matter or, at the very least, a difficult conversation with the Headteacher. What would happen if we were talking about safeguarding and not data protection? I’m betting there would be consequences.

Bonus tip: Work together, don’t reinvent the wheel

You know me, I like to give you freebies where I can, so here’s a free tip – work together. Being a DPO can be a lonely job, so look to networks, forums and make connections with other DPOs in your area so you have a support network around you. That way you can share learning/documents/experiences and take those benefits back to your school. As part of that, don’t forget the DPO Peer to Peer Support Forum in the LASBM online community.

I’ll be expanding on these tips and providing some more at the LASBM East Conference on 9 February.

This article was first published by LASBM on 27 January 2022



Dai Durbridge


+44 (0)330 045 2105

View profile Connect on LinkedIn
Can we help you? Contact Dai

You may be interested in...