What's your school doing about GDPR?

[BossWitch]

Just curious to know what's going on in other schools re. the new data protection laws. At ours we've had a quick five minute overview from a member of SLT during morning briefing a few weeks ago and that seems to be it!

From what I can work out, my planner will now become "medium risk" because of the stupid fucking spreadsheets of pupil info they made me stick into it at the start of the year, so I'll either have to leave it locked up in school or sign it in and out of the building each day. No pupil names in subject lines of emails. No emailing lists of kids out for trips etc. Not really sure what else, can't remember!

Is everyone's school as messy about this as mine, or have others got themselves a bit more organised?

[BringOnTheScience]

No emailing lists for trips is unworkable.

If you're coming to visit me for a science event, we have to have names beforehand so that access passes can be prepared before you arrive. We will then delete & shred of course after your group has left. If we don't have names first, then you'll all have to wait around in reception while the passes are prepared one at a time. Fancy doing that with your class of 30 plus adults?!

Here's a Q...
What do schools plan do with the various types of visitor books and sign-in systems that hold my name, employer and car registration number from I've taken the science to them?

[myidentitymycrisis]

We had 45 min session tonight. All new log ins and moving towards more paperless as possible. lots to think about

[ScarlettDarling]

We've had no training at all on this, I feel totally in the dark, but am starting to worry that the laptop I cart around to school and back home every day which is full of data on many children is breaking all kinds of rules. I need to speak to my head for some guidance on this.

[Aragog]

We have had a staff meeting on it recently, and our weekly news bulletin from the Head includes a GDPR comment each week, to act as a reminder. As I do a lot of the Social media and computing work in school, I have been involved with things a little more.

New parent permission slips going on with parents having more levels of permissions for the different things we use photographs and videos for, inc use after the child has left. Going to all new parents for September, plus all parents of current children. Current form does cover most of the stuff, but as we have made some changes to the way we use Social media (as below) it was worth an update.

Increased use of Google Drive, with passwords set to the account plus any documents containing any personal data or photographs password protected. Passwords, if need to be sent, to be emailed in a separate message.

Decreased use of memory sticks, even if encrypted ones.

Moved over a while ago from photographs on the public Facebook and Twitter accounts, to password protected learning blogs and Vimeo (for video sharing) for each class. Also adding passwords to the QR codes (linked to the learning blogs) displayed around school if they contain children's photographs/videos. Facebook/Twitter used for different purposes now, or for generic posts and photographs. Also, no reference to the location of upcoming trips which could be identifying, not until they are on their way home on the day at the earliest.

Class lists with other personal data on it not to be left on classroom walls. Must be behind a lockable cupboard door - such as the ASC lists (from external agencies as sometimes have address or tel numbers on) and lunch or milk lists (identify PP and/or FSM)

Registers and class drawers to be relocated in the locked office, not just outside it.


Will be speaking to IT tech about changing the password rules for staff log ons - at the moment there are no rules in place. Want to make them a mix of characters, symbols and numbers. Already reminded staff to choose harder to guess logins.

Have ensured all computers are now set to log out from the account after being left untouched for a period of time.

All classrooms are having one of their larger cupboards made lockable.

And I'm sure I am forgetting other stuff!

[CornforthWhite]

My school posts stuff on FB and Twitter all the tome(!) but only first names. Might say ‘hockey team’ not team lists.
Interested to hear you don’t mention trips till they are returning home.
The school thinks it’s business as usual. Interested to hear what others think.

[Caaarrrl]

Had a really boring CPD session recently about it. We will not be allowed to use hard drives or memory stick at all any more, not even encrypted.

[Aragog]

We have been using the whole photo without a name, or a post just mentioning first names for a while. We actually moved to the password protected blogs before I was involved in doing the GDPR staff for our SM, as a couple of things came up where I thought it might be useful and also a parent or two have requested it in the past, so i decided i and the time to investigate further and sort something out. This way is a little more time consuming, but we seem to have a reasonable system in place at the moment, and i have dedicated time to update them each week.

Re the trips, I might post something like "Class 1 will be leaving for the park/farm at 9am so please be prompt. See class teacher for more details." in advance. Then later, once they've been - "Class 1 had a fantastic day @xxx See the photographs on their Blog at " where I will link the place visited maybe a hashtag or two, and a link to their learning blog if photographs have been uploaded.

[BossWitch]

I'm interested to see how the GDPR requirements are going to stack up against the apparent "requirements" of Ofsted. So for example seating plans for every class with pp, SEN, prior attainment, target, etc etc. All that personal data!

The password thing - we've been told that we have to email the link to the password protected thing, then communicate the password by a different medium, so basically a phone call. Pain in the arse.

Most people seem to be primary here - any other secondary peeps about?

[CraftyGin]

We use G-suite for communications, so are fine to work at home, in the cloud.

All our external websites have been checked for compliance, eg online homework sites.

We are ordering keys for our filing cabinets so that we can lock away test papers.

Opinions about students have to be verbal. Only clear facts can be written down.

[BossWitch]

Crafty, what about writing reports? "Jenny is not working hard enough in lessons and will not meet her target grade without a much stronger effort" would be opinion, so would that not be allowed?

[CraftyGin]

You can write opinion if there is a strong business case.

Reports will be on the school MIS, so safely compliant with GDPR.

I wouldn’t write the report you gave suggested. It has to be subject specific and positive.

[noblegiraffe]

Some kids don’t deserve or need a wholly positive report!

But anyway. My school has communicated very little about this to us so far, I’m assuming it’s coming! We already don’t use pupil names in email titles, we work from home via remote access rather than using memory sticks and confidential documents are password protected when sent via email. Lockable cabinets for test papers? That will be an issue.

[Piggywaspushed]

From what I gather as a teacher and a governor, some schools are over reacting. My main understanding was that this was about sharing data with other places, so signing kids u to secure exam board revision sites was an example we were given. there are some issues with signing them up in my subject to an online screenwriting tool : we can't do that.

Otherwise, it's business as usual for us, except kids are no longer able to sign onto our laptops , which is a pain. And we had to provide a list of all the websites we use at school which we have to sign into (which was embarrassing! ) We use kids' names and photos with names on our website, although it's very buried : I thought that was more of a safeguarding issue. There's been some recent hoo ha about CCTV which may be linked.

Outside agencies always send encrypted emails and refer to students by initials : in fact , I once received a whole chain of emails and had no idea who social care were referring to!!

[mocktales]

We had a staff meeting then had to individually complete an online course to receive a certificate.

[olderthanyouthink]

🤣🤣🤣

when I was at school less than 10 years ago our form tutor gave us her password so we could do the register in SIMS when she wasn't there.

Also using first names only is BS I have a first name for which there are only 3 recorded births in the U.K. I am very easy to find.

[echt]

I'm in Australia where the privacy laws are barking. If a student doing the public exam (VCE) elects to be anonymous, their score is blanked out of the record sent back to me.

[tulippa]

We had a very boring staff meeting this week and will soon have to lock away anything with a name or initials on and have encrypted pen drives or similar. Not even allowed to give out a first name only class list for birthdays/xmas cards etc.

[Acopyofacopy]

We are awaiting instructions at the moment.
It will be interesting to see how planners with mark books in them will be handled.
I already had to check my trip folder into the school safe and have to request access when I want to work on it. No faff at all.