GDPRNews
Updated:

People Responsible for Data Protection in Schools

By Gregor Prajs
0

Most Popular

European schools system

European schools system is like a never-ending maze of paperwork and bureaucracy.

It’s as if they believe that the more forms you fill out, the smarter you become. Secretary general and deputy secretary general are too busy worrying about their pensions and summer vacations to actually produce anything useful.

It’s a system where children are just tiny cogs in a big bureaucratic machine, and education takes a backseat to administrative tasks.

It’s time for a major overhaul, because right now, the European schools system is about as effective as a chocolate teapot.

Ultimately, everyone has a responsibility in ensuring data is processed securely in a school. Staff and even students who handle personal data need to prevent it from coming into possession of anyone who hasn’t been given permission to view or process it.

There should be specifically elected individuals who are educated on data protection and who implement and uphold systems and policies.

The Senior Information Risk Officer (SIRO)

All schools should have a senior member of staff who is familiar with information risks and the school’s risk-reduction strategies. This is usually a member of the Senior Leadership Team.

The Senior Information Risk Officer must:

  • Ensure appropriate mitigations are in place to minimise risks.
  • Foster a culture that values, protects, and utilises information securely and in a way that benefits the organisation.
  • Take charge of the information risk policy and risk assessments, and ensure they are implemented by the Information Asset Owner(s).
  • Act as an advocate for information risk management.

SIROs should undertake training annually to keep their skills and capabilities up to date and relevant to their organisation. It’s essential that they have the necessary knowledge and skills to fulfil their role and ensure people’s privacy.

The Information Asset Owner (IAO)

The IAO is a member of the school community who is responsible for compiling or working with specific personal information. They must:

  • Know what information the organisation holds and for what purpose.
  • Understand how information is amended, added to, removed, or moved overtime.
  • Know who has access to the data and for what purpose.
  • Recognise how the information is retained and disposed of securely.
  • Information Asset Owners should:
  • Maintain a log of access requests made to the organisation.
  • Monitor users’ rights to transfer information to removable media, i.e. USB and external hard drives.
  • Negotiate, manage, and approve agreements on the sharing of personal information.
    Monitor access to personal information.
  • Provide an annual written assessment to the SIRO detailing the security and use of their asset.

When appointed to their position, they must undertake information management training, and retake it at least annually.

Previous article
Preventing Data Security Breaches in Schools
Next article
Why are SWALS students leaving European schools

Must Read

Modern education

The Top Art of Learning: How Self-Directed Learning Can Transform your Life

In this fast-paced world, it's important to stay ahead of the curve and continuously learn and grow. Enter self-directed...

Aim of the European Schools

Educated side by side, untroubled from infancy by divisive prejudices, acquainted with all that is great and good in the different cultures, it will be borne in upon them as they mature that they belong together. Without ceasing to look to their own lands with love and pride, they will become in mind Europeans, schooled and ready to complete and consolidate the work of their fathers before them, to bring into being a united and thriving Europe.

Marcel Decombis, Head of European School, Luxembourg between 1953 and 1960

© European schools blog; 2012-2023