Management Information System (MIS) for schools
Category : Blog
Questions you should ask your MIS about GDPR As you’ve no-doubt seen from the relentless marketing by third-parties – GDPR came into force in schools in May 2018! The below is our take on the questions you should ask your suppliers, including your MIS to ensure you’re GDPR ready. Just copy and paste! Why should
Questions you should ask your MIS about GDPR
As you’ve no-doubt seen from the relentless marketing by third-parties – GDPR came into force in schools in May 2018! The below is our take on the questions you should ask your suppliers, including your MIS to ensure you’re GDPR ready. Just copy and paste!
Why should schools & MATs care about GDPR?
GDPR introduced significant new compliance obligations for schools and new requirements for the processing of children’s data, notably increased governance requirements and much higher fines if schools & MATs fail to comply (upto the greater of €20m or 4% turnover). Ensuring compliance is unfortunately a good deal of work, but you can lean on your systems providers to do a lot of the heavy lifting for you.
Questions to ask your MIS
Your MIS is the key source of student and staff information you have in your school, including most of what GDPR would constitute ‘personal data.’ It’s important when preparing for GDPR that you ensure that your MIS is compliant, then you can switch attention to other suppliers and systems that feed off the data in your MIS.
Does your MIS have any current data protection and cyber qualifications (e.g. ISO 27001, Cyber Essentials Plus)
Increased risk, especially for MATs who are data controllers for multiple schools
Is your MIS liable for any act or omission by these sub-vendors?
If you as a MAT pool your data centrally in a dashboard or central schoolview, does that meet GDPR requirements around permissioning and data pooling?
Does your MAT central data meet GDPR requirements ensuring that data is permissioned and each school’s sensitive data is kept separate?
What should your schools be doing now?
There’s a lot of scaremongering by third parties, but Iain Bradley (Head of Data Modernisation) at the DfE has written what I think is a very useful blog that discusses the steps schools should be taking now.
The above steps are often best captured in a data mapping exercise which we’ve done at Arbor, and which Iain from the DfE has done at the primary school where he’s a governor. A copy of the picture is below.
How Arbor can help
Arbor exceeds current data security recommendations. We’re ISO 27001 compliant (the standard in data protection certification), on the government’s G-Cloud framework and accredited to hold sensitive data. We also stress test our processes and procedures by getting tested by third parties and holding cyber qualifications.
We’ve put a presentation together that sums up these points which you can read by clicking here. All in all, GDPR is something that schools should consider seriously, but you should lean on your providers to help alleviate the burden.
You must be logged in to post a comment.
Floor 8, HYLO
103-105 Bunhill Row
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.