Data Protection Dos and Don’ts
Practical data protection guidance to consider:
Do:
- keep personal data safe – it’s everyone’s responsibility
- think before you speak – a disclosure can be spoken as well as written
- ensure you are authorised to take information off site – including hard copy/paper files
- wherever possible use remote access instead of taking information off site
- shred personal data before you dispose of it and use confidential waste sacks
- ensure personal data is accurate and up to date
- be aware of retention and disposal guidelines – data cannot be kept indefinitely
- know who you are allowed to share information with (data sharing protocols)
- be aware of all School and Barnet Authority data protection, GDPR and information governance policies and procedures
- ask for advice if you’re not sure
Don’t:
- ignore potential risks – report incidents or concerns to the Headteacher or DPO (Data Protection Officer)
- email sensitive information unless you are sure it is encrypted
- leave your media devices unattended, e.g. in your car
- store or send personal data on removable media (e.g. SD Cards, USB drives)
- assume you can disclose personal data to another member of staff
- leave mark books, written information of a sensitive nature and printouts lying around – even accidental disclosures are considered a breach
- use personal data for a different purpose without considering GDPR and data protection regulations
- write any comment about any individual that is unfair or untrue which you would be unable to defend if challenged – you should always assume that anything you write about a person will be seen by that person