GDPR Do's and Don'ts with Craig Stillwell

Posted  12th November 2020

With winter-term drawing in, many schools are facing increasing challenges. To help in these unusual times, Judicium offers a range of free 'On the Sofa' Sessions. These online sessions are designed to foster collaboration and networking. An informal setting where senior leaders from various education settings can connect, share practical strategies - and their questions can be answered. 

This blog is based on Judicium's GDPR 'Sofa Session' from 21st of October 2020, with our Resident expert Craig Stillwell LLB (Hons), LPC. 


Data Retention

Schools tend to have good practice when it comes to physical data retention, with many regularly reviewing old HR files and sending pupil files to secondary or further education. However, the use and management of electronical data is still a problem area. We advise the following:
  • Firstly, ensuring you have a retention policy & staff know key guidelines around this. It is important to make sure that you tailor the guidelines to your organisation, and build staff awareness around them.
  • Have a responsible person for data retention in your organisation. When someone is responsible, they will take out the time needed to deal with the data retention. Creating that element of responsibility will mean that it is addressed and looked at in regular intervals.
  • Thirdly, having clear deletion dates for electronic data. We must keep data for no longer than is necessary. Electronic data is stored on a higher volume and more frequently, so strong retention rules are key. Use your IT provider and look at automation deletion options to help limit staff time spent, deleting emails etc.
  • Finally, we recommend that when people are deleting and restoring data, they should log what and when they have done so. Keeping a record or log of this is good practice. The log doesn’t not need to contain each item destroyed, a summary of say ‘financial records 2018-2019’ is adequate.


School email addresses

We have seen a rise in poor data security surrounding Governors and trustees private email addresses. With terms of office coming to a close, the school cannot determine whether any data has been stored locally, or is able to physical remove access to previously shared files. Making retention policies hard to follow. By moving all governors and trustees to school email address, we are able to monitor and have more control on data shared outside of the organisation.


Training

There is a legal requirement is that all organizations must put in place appropriate training with regards to data protection. This includes awareness and refresher training.
We should be making sure that staff across the board are properly trained in how to handle data. Senior staff, who deal with more data, should be trained more intensely. It is about putting the appropriate measures in place for the appropriate people. We suggest to do a refresher training every 2 years, especially now that people are working from home more. It also helps with keeping awareness of data breaches high. Most data breaches are down to human error and can be prevented with awareness, which is why appropriate training is so important.


Security and home working

The legal position from a data protection perspective is that organisations must put in place appropriate security to prevent from deliberate or accidental damage, loss or unauthorized access. When it comes to security, you want to think about both physical and electronical data. There is often very good practice in place for physical data, documents are stored in cupboards with keys and only appropriate staff members have access. However, when working from home you should keep a log of who signs documents in and out for good practice. It is useful to take stock of a few things:
  • Encrypted laptops are recommended but might not be practical and too expensive. As a compromise you can provide senior staff member with encrypted laptops, because they often deal with more sensitive data.
  • Are you happy with who has access to the files? Electronical data can also be restricted and access can be given to specific members of staff. Using platforms on the cloud such as google drive etc.
  • Do you have appropriate security on how people can access data from home? For example, two factor authentications to access an internal drive or when using encrypted memory sticks.

Here at Judicium, we are seeing a rise in breaches across all area within the school, especially with misdirected emails. With staff transitioning between school and home working, it is important to review policies, look at refresher training and begin discussions surrounding retention of data in general as we return after half term.


If you require any support in any of these steps, or would like to talk to someone surrounding some support for your school please do not hesitate to call us on 0845 459 2130 or email tara.jones@judicium.com.

Safeguarding Supervision On The Sofa: Your DSLs Safe Space
  June 25 2025

This blog is based on Judicium’s Safeguarding Supervision On The Sofa: Your DSLs Safe Space ‘Sofa Session’ from the 25th June 2025, with our resident experts Helen King and Sarah Cook.

Read more

Getting to Grips with COSHH: Managing safety from Practical Departments to the Caretaker's Cupboard
  June 18 2025

This blog is based on Judicium’s Health and Safety ‘Sofa Session’ from 18th June, led by resident expert , Mike Wright, CMIOSH. This session focuses on the control of substances hazardous to health (COSHH) and their relevance in school settings, how assessments should be undertaken and what staff could be at risk.

Read more

SEND Leadership in Schools 2025: Confident, Inclusive, and Impactful
  June 05 2025

This blog explores how school leaders can develop SEND provision; when the right strategies are applied, leadership teams can build inclusive, confident, and impactful SEND provision that benefits every pupil. 

Read more

Beyond HR: Driving Strategic Success
  June 05 2025

This blog is based on Judicium’s Employment Law ‘Sofa Session’ from 4th June, led by resident expert Paul Luffman, LLB (Hons), L.P.C. The session explored the current challenges in the UK labour market—from skills shortages to recruitment gaps—and how the education sector can play a key role in addressing them. It also examined the shift towards skills-based hiring and what that means for recruitment practices in schools.

Read more

Supervision Uncovered: Busting Myths & Boosting Benefits
  June 04 2025

Supervision is dedicated time for professionals to reflect openly on the challenges of the cases they manage. This blog explores the common misconceptions, myths and the all important benefits to Safeguarding Supervision. Don't miss our Safeguarding Sofa Session on Supervision: Your DSLs safe space on 25th June at 10am OR 11:30am.

Read more

SEND: Top Tips for Making the Most Out of Your Support Staff
  May 21 2025

This blog is based on Judicium’s SEND ‘Sofa Session’ from the 21st of May, with our resident expert Rik Chilvers.

Read more