Step One: Suppliers
This is the starting point; you need to gather information on all the suppliers and products you share data with. We would recommend that you work together with your heads of departments and ask them to go around speaking to their staff. You need to find anyone you share personal information with, whether it is free or paid for, one bit of data or a load!
Remember, if you cannot find the supplier on the platform, ask is it supplier only your school would use or is it a national supplier? If only your school uses it put it in the Local products area, if it is a national supplier, please let GDPRiS know!
Step Two: Staff
We should look into to getting staff onto the platform, We would recommend using the User Import Template.
We recommend getting staff on the platform for a few different reasons:
- Suppliers. You can assign users to suppliers so you can track who is accessing what data.
- Breaches. If staff are on the platform, then they can log breaches. We understand that you may not have received any requests, but by logging any possible breaches it would show that the school is being proactive and has addressed low risk breaches rather than just high-risk ones.
- Training. We have a training area within the platform. Staff need to complete GDPR Training and via the platform, they can sign up for training that looks at the different roles within the school. We also have training videos helping you get an idea of breaches and SARs.
- Viewing Policies. You can upload policies onto the platform that require confirmation to view. This way you can ensure staff have read all policies you need them to. The Document Acknowledgement Report shows when staff have accessed and acknowledged documents.
Step Three: Staff Training
If you are on the latest GDPRiS 2020 (pro) version of the portal you will be able to access all the training modules, including the role-based training for free and at the end your staff can download a certificate to confirm they have completed it. Evidence of the training is recorded in the report section of the portal.
We would also recommend the SLT to complete the one on Breaches so they can help to identify breaches easier. It would also be beneficial to speak to staff and remind them to record breaches on the platform!
If you would like information about this upgrade, please contact us here at email@example.com and we will make contact.
Step Four: Audit
We have an audit based around the ICO's accountability toolkit (School Organisation Questions), this is something that is intended to be done over time and something that I would encourage you to go through with a team in the school. In the Pro Resources 00. Accountability Toolkit folder, there is a spread sheet that includes useful information such as where to find resources to help with various requirements or if GDPRiS already has you covered on that requirement!
Step Five: Annual review
The school needs to review GDPR on a regular basis, whether it is each year or each term, however you want to do it. You need to look at staff training, suppliers, and status of GDPR within the school.