GDPR

The European General Data Protection Regulations (GDPR) come into force in May 2018 and will apply to all member states of the European Union. Application of the regulations in the UK will not be affected by Brexit as the government is expected to incorporate the regulations into a new Data Protection Act.

GDPR extends the rights of individuals already enshrined in the Data Protection Act, putting particular emphasis on sensitive data and data held about children under the age of 16. If schools are not compliant by May 2018, there is a risk of a significant fine and serious loss of reputation. In addition, schools need to be ready to manage requests for information more quickly and efficiently after May 2018.

Benefits

Schools will benefit from budgeting for an Information Governance service. It gives peace of mind that, in the event of a serious data breach or a complex request for information, support can be provided without having to make separate budgetary arrangements.

More Details

There are 2 levels of service:

1. Gold

This service includes unlimited advice from the information governance team and includes:

  • An initial audit of the school to identify areas of non-compliance and high risk
  • A bespoke audit report and improvement plan
  • Refresher audits to ensure compliance with the legislation, which will take place every three years, or more often if there is a specific need (such as a significant change in legislation)
  • A suite of policies and procedures to improve data management
  • Privacy notices
  • Guidance on implementing ‘privacy by design’ requirements across your school
  • Procedural guidance for managing Subject Access and Freedom of Information Requests to ensure legal compliance
  • Specific policies, guidance and risk assessment around managing data breaches
  • A designated Data Protection Officer as required by the new legislation, who will take responsibility for data protection compliance for your school
  • Maintenance of a data breach log, including recording of decision making and assistance when schools need to report breaches to the ICO
  • Ongoing advice and support to deal with individual cases that are received by your school
  • Stage 2 Reviews for FOI/SAR completed independently by the Council
  • Access to an IT system to enable you to record, manage and report on all aspects of information governance
  • Access to the council’s e-learning module on data protection (including annual refreshers)

2. Silver

This service includes 10 hours of free advice from the information governance team and includes:

  • A suite of policies and procedures to improve data management
  • Procedural guidance for managing Subject Access Requests
  • Procedural guidance for managing Freedom of Information Requests
  • Specific policies, guidance and risk assessment around managing data breaches
  • 10 hours of advice and support to deal with individual cases that are received by your school
  • Access to the council’s e-learning module on data protection (including annual refreshers)

All advice/support provided over and above the first 10 hours for Silver customers will be payable by the School on an hourly rate basis at £110.00 per hour.

A School which is permitted to upgrade during the course of the Agreement from the Silver to the Gold Service shall pay the full annual amount chargeable for the Gold Service in that year less any amount already paid in respect of the Silver Service.

Core Purpose

1. This Service Level Agreement (SLA) is the basis for the work completed by Information Governance for individual schools. The aim of the document is to outline clearly the roles and responsibilities of both Information Governance and schools to support the provision of the service, and to ensure that the service provided by Information Governance is of high quality, and as timely, accurate and complete as possible.

2. It should be noted that Information Governance reserves the right to refuse instructions where the Solicitor to the Council believes that to act on the instructions:
  • would be contrary to Council policy;
  • would be unlawful or likely to lead to maladministration; or
  • would involve a conflict of interest

Responsibilities of Information Governance

1. Information Governance will acknowledge instructions within 2 working days of receipt with details of the officer who will be responsible for the case.

2. Information Governance will provide non-urgent and routine legal advice within 10 working days of receipt of instructions.

3. In cases of urgent and/or complex advice, Information Governance will provide the advice within a timescale agreed with the School but no later than 72 hours.

4. Information Governance will provide an immediate service during normal working hours in cases of emergency.

5. Where the ICO becomes involved, Information Governance will liaise with the School and provide specific support on managing the data breach, including support to draft a response to the ICO.

6. Information Governance will determine which officer has charge of or carries out work relating to any case.

Quality Assurance Standards

Information Governance will use all necessary professional skill in the provision of the service and will ensure that competent and suitably qualified and trained personnel are engaged in the provision of the service.

Information Governance will also endeavour to provide the services to the standard and to the timescale required by the School.

Terms


Annual Contracts & Other Packages


Ad-Hoc Support & Other Services

Yvonne Salvin
01582 547062
yvonne.salvin@luton.gov.uk