Half of UK schools and colleges are ‘not fully compliant with GDPR’

The Data Support Agency was shocked to learn today that more than half of all schools are not fully compliant with new data laws.

A recent poll shows 80% of schools fear they are at risk of fines for not being fully compliant with GDPR and are concerned about the significant impact it would have on already cash-strapped institutions.

The poll by RM Education and Trend Micro and published by tes.com also revealed that 14% admitted they did not even have a clear plan to become GDPR compliant.

In 2016-2017, schools in the UK reported 703 data breaches to the Information Commissioner’s Office (ICO), compared with 571 in 2014-2015.

Since the introduction of GDPR regulations in May last year, the number of data breaches and security incidents reported by schools has risen dramatically.

It is now compulsory for all organisations to report any data breaches where there is a risk to people’s data security, including incidents where no information is actually lost or stolen.

A need for compliance

Common disclosure issues include information accidentally sent by email to the wrong recipient and inadvertent verbal disclosure and the loss or theft of paperwork or data. However, regulations are even tougher when it comes to schools. They must be clearer about the data they hold, they must have a data protection officer and respond quickly to any issues.

Nicola Hartland, CEO and Co-Founder of the Data Support Agency said: “Schools hold sensitive information on both pupils and parents and so there is an obvious need for compliance.

“These startling statistics also raise wider concerns about the rising rate of schools data breaches since the new regulations came into force.

“Our company helps businesses and institutions of all sizes to become compliant. Our solution iCaaS, is a cloud-based software platform and provides the perfect answer for achieving, managing and maintaining GDPR compliance.”

Cyber Attacks

Threats of cyber attacks on schools are also putting pressure on schools to protect their data. These attacks can include malware, phishing and ransomware.

These incidents have risen by 69 per cent in the past year, in part because schools are seen as ‘easy targets’.

Last year, fraudsters impersonating headteachers managed to con schools across the country out of tens of thousands of pounds after their phone systems were hacked and calls diverted to costly premium-rate numbers. At least 48 schools reported the scam last year and one school lost a hefty £19,150 because of the security breach.

Schools have been advised to create boundary firewalls and internet gateways to improve security and to educate staff and pupils about online security.

Nicola Hartland added: “Schools need to make sure they are fully compliant with the requirements of GDPR or the consequences could be damaging for both their budget and reputation.”

Scroll to Top