The General Data Protection Regulation (GDPR)will come into force in 3 weeks time. 25thMay though is not a cliff edge; nor is it doomsday when the Information Commissioner will start wielding her 20million Euro (fine) stick!
In December, the Commissioner addressed some of the myths being peddled about GDPR:
“I‘ve even heard comparisons between the GDPR and the preparations for the Y2K Millennium Bug…
In the run up to 25 May 2018 there have been anxieties too, albeit on a less apocalyptic level. Things like we’ll be making early examples of organisations for minor breaches or reaching for large fines straight-away and that the new legislation is an unnecessary burden on organisations.
I want to reassure those that have GDPR preparations in train that there’s no need for a Y2K level of fear…”
There are a number of steps that you should be doing to prepare for GDPR. Remember, failure to have completed these tasks by 25th May will not lead to a 20 million Euro fine. However, to quote the commissioner at the ICO Conference this year, “It’s important that we all understand there is no deadline. 25th May is not the end. It is the beginning.”
In 2011 I received a gorgeous CD through the mail from a school. It invited me to send my children (at the time aged 30, 29 and 25) to their school (35 miles away from my house). Read the full story on Act Now website ( a Northern school). I did complain to the ICO but his decision was in favour of the school. This was my conclusion to the affair.
“A school/college with no prior relationship with me buys my name from a list broker as I am apparently rich and with junior age children (wrong on both counts) and then sends me unsolicited marketing material through the post. When I exercise my right to subject access they ignore it for two and a half weeks then fail to give me what I ask for because they don’t know from where they obtained my personal data.
The ICO when asked to look into the case decides the college did nothing wrong.
Moral – keep bad records, mail who you like even those with no relevance to your product, fail to respond to individuals exercising their right to access promptly and you’ll be fine rather than fined. “
I put it down to experience never expecting to hear from the school again but today they emailed me. Despite me reporting them to the ICO and an investigation taking place and their promise to delete my name and address from their database they emailed me with an offer I couldn’t refuse.
I will complain again. This time I have PECR on my side as they have strayed into electronic marketing as well as basic section 11 stuff. The school is also now a serial offender. Will the ICO listen, take action or will I get a similar response 5 months after I complain. See you around Xmas time.
It’s time to name and shame Queen Ethelburgas. Look out for the information notice.
It gets worse. I chose to report the message as spam as they invited me to. Here’s the screenshot of their procedure. Only a few errors in spelling and punctuation.
Teaching? A mugs game. The (mythical) long holidays, the (mythical) 3-30 finish, the (mythical) relaxed and friendly environment as you helped the enthusiastic next generation prepare for adult life…
Playground duty was the bane of my life when I was a teacher. Once a week you had to forgo the 15 minutes of peace in the staff room and that warm cup of coffee and patrol the school playground, breaking up fights, solving Rubik’s cubes and avoid being caught by those awful children’s jokes (If a bottle of medicine cures a cough what does half a bottle of medicine cure?).
So on a recent training session for schools in a northern council we talked to the delegates – mostly Headteachers – about the Publication scheme. We looked at the definition document listing the material the ICO recommended schools to pro-actively publish, we gave them the two common sense Act Now solutions (1. find all the relevant documents and put a paper copy of them in a ring binder in the school office then photocopy on demand or 2. turn them into PDFs and put them on the website so people can download what they want).
After considering all this and thinking for a moment or two one of the delegates (a headteacher no less) said ” I don’t think we’ll bother with this. It’d take too long.”
What’s the punishment for forgetting to do playground duty?
Opprobium, embarrassment, ridicule, double duty next week.
What’s the punishment for failing to carry out a duty under section 19 of the Freedom of Information Act for seven and a half years?
Over to you….
(The answer is 50% of a cough. Whatever you do don’t say half a cough).
We delivered some training today to a school in the north – we have a briefing for schools covering DP & FOI in a half day – and as usual prior to the training we did some research which included making a FOI request to the school. Right at the very end of the afternoon after the case studies and the questions the trainer asked if the school had received any FOI requests in the last 7 years. The head teacher sitting bravely on the front row shook his head. Others chimed in and consensus was milliseconds away when the trainer showed on the screen the screen grab of the request that had been made by email 19 days ago using the school’s contact us page.
Silence and almost simultaneously darkness fell.
‘Looks like a request to me” intoned the trainer, “it’s asked for a biography of the Headteacher and details of his reimbursement package for the last financial year”.
Then Marion the school secretary who’d been sitting at the back spoke. “I might have seen that one” she chirped, ” but I delete anything that looks dodgy”.
“What’s dodgy?” ventured the trainer,
“The name, the email address – I don’t allow hotmail ever”, replied the determined administrator.
The trainer tested out a few requests that he knew had been sent to schools in general – the knife incident request, “deleted that” , The CRB question, “deleted that” and the realisation that Marion had set up a foiwall that had yet to be penetrated settled on the room.
Marion is of course a pseudonym. Her real name was Margery.