Bursars Review | Autumn 2017 | Sample

Autumn 2017 www.theisba.org.uk Feature Author Owen O’Rorke associate at Farrer & Co 020 3375 7348 Wearing another hat, staff are also the school's data subjects and so will need to understand and have provided to them relevant policies that affect them directly; CCTV and acceptable use of IT, for example. If the school is using safeguarding monitoring software or introduces a policy of recording all low-level concerns raised about staff, then this needs to be clearly communicated. All of which leads us back round to the question of updating policies. This is critical again to ensure buy-in from parents and pupils, so they understand how data is used; the parent contract will play a role, along with permission and contact forms (when they start and leave the school), and so will your new privacy policy. Hopefully, the message is clear that the full audit and assessment of practices should precede any attempt to update the privacy policy – and when it is ready, it should be rolled out and actively provided and explained to all those it affects. The ISBA, with Farrer & Co's advice and input, will be providing guidance and resources for all its members in the coming months along these very lines. However, the message, in the meantime, is that schools need to be taking their pro-active steps to ‘own’ compliance, to update and prepare systems as necessary, and to get a comprehensive picture of what personal data they already hold, process and intend to keep going forward. 12