Microsoft has provided UK educators with guidance relating to the new General Data Protection Regulation (GDPR), during the recent E2 Education Exchange regional conference at its London office.
Mark Orchison, managing director at education technology consultants 9ine Consulting, revealed the top five aspects of GDPR that educators should understand, as follows:
1. Educators should be aware of the impact of the UK government’s ‘10 steps to cybersecurity’ when using IT in school. Advice includes identifying the risk management regime, ensuring the network is secure, and how to deal with incidents that happen when working from home.
2. Users must ensure their data is protected when communicating with other people. When GDPR comes into force, organisations will have to reveal their lawful basis for processing the information, their data retention periods and explain that individuals have a right to lodge a complaint with the Information Commissioner’s Office if they have concerns with the way their data is handled.
3. When using their own technology such as phones and laptops, educators need to ensure it is password protected and encrypted. Full-disk encryption allows the owner to protect everything with one passphrase, which is entered when the device boots up.
4. Laptops and PCs should have adequate encryption, antivirus, malware and other protections. It is recommended that teachers keep personal and work-related information separate, and encrypt all files and devices that relate to their job.
5. Teachers should not rely on using USB sticks as information relating to pupils and staff can be lost or stolen if stored on unprotected USB sticks and personal laptops.
GDPR, which will be activated in May 2018, is designed to harmonise data privacy laws across Europe and protect all EU citizens’ data privacy.