Living in the shadow of the GDPRA collaborative blog: Dr David Willows, Director of Advancement at the International School of Brussels and Mark Orchison, Managing Director at 9ine.
On 25 May 2018, The General Data Protection Regulation (GDPR) came into effect across Europe. This significant and far reaching piece of European legislation provided a new focus on data privacy, not only for schools, but all organisations within the European Union and beyond. One year later, data privacy has risen up the priority agenda of schools across the globe.
Despite an initial feeling of being overwhelmed, many schools have already begun to comply with new legislation in different parts of the world. Terms such as "data mapping" and "Subject Access Request" have become part of the lexicon of school management, and many of us now feel a greater sense of responsibility to safeguard and protect the data privacy rights of all members in our community.
The impact of data privacy on what we do
Recognising the growing impact of data privacy on Advancement in schools - by which we mean school admissions, marketing and communications, fundraising and alumni relations - My Story Box (an innovation space used by the Advancement Team at the International School of Brussels) and 9ine Consulting invited colleagues from schools in Brussels, Frankfurt, Luxembourg, Paris, Stuttgart and Zurich, along with representatives from the Council of International Schools (CIS) and The Educational Collaboration for International Schools (ECIS) to a workshop in January 2019.
Our goal was to reflect on the journey so far and begin to design a practical tool that would support us in this area of our work.
Introducing the framework
Data Privacy and Advancement in Schools: A Framework for School Improvement was published in July 2019. The document is both a summary of ideas and insights drawn from the original workshop, as well as a practical tool and roadmap for improvement in this area of our work.
Our hope is that it both captures the importance of data privacy for schools, frames the work that we need to do, and provides those of us who work in the field of admissions, as well as other aspects of Advancement in general, with something of a roadmap for improvement in the years ahead.
Unboxing and using this framework
In thinking about how to frame and organise our thinking about data privacy, we decided to use the The Periodic Table of Advancement™.
What is the Periodic Table of Advancement™?
The Periodic Table of Advancement™ (Fig. 1) is a tool that begins by defining Advancement around three fields of activity: telling the story of the school, helping people find their place in that story, and managing a set of processes that enable these things to happen.
It then breaks down our work into a series of essential, irreducible, yet interrelated Elements. These Elements combine and connect in a variety of different combinations and, depending on our context, are given different weight and importance. However, we believe that each Element is, in one way or another, important to understanding how schools function and advance.
As we considered the impact of data privacy on this definition of Advancement, we began to identify a small cluster of data privacy "standards" with each Element. So, for example, if we consider the importance of Brand as an aspect of school life, it appears that we are able to identify two data privacy standards that are specific to this aspect of our work. An example of how the standards are organised is given below (Fig. 2).
Relevance beyond Advancement
Whilst our first objective was to consider the impact of data privacy on school enrolment management, communications, fundraising and alumni relations, we noticed that many of the standards might be considered "core" in the sense that they are applicable to all aspects of school life. These "core" standards have therefore be identified.
Where you shine and where can still improve
So once you download the framework, what's next? The first thing to underscore is that the standards are not a comprehensive list of regulatory obligations. Neither do they replicate the accreditation standards and criteria that have been incorporated into the strengthened CIS International Accreditation protocol.
What they do provide, however, is a set of aspirational statements - together with a continuum of benchmarks - that, together, go some way to describe the kind of schools that we believe we should all strive to become.
We therefore encourage you to use this tool to have better conversations with your colleagues; to identify areas where you want to improve; and to get a sense of where we all might be heading over the coming years. The good news is that, once you have identified areas for improvement, there is plenty of expertise to support you along the way.
How Can 9ine Help?
Having comprehensive documentation and appropriate organisation measures are required to evidence compliance and demonstrate accountability with international data protection law. If you are concerned about the current state of your school's documentation, why not organise a call with 9ine? We're currently offering complimentary data privacy reviews of where schools sit against the framework. You can organise a call with 9ine below:
9ine's DPO Essentials subscription service provides outsourced expertise and resources to support your data protection team with communicating school procedures to staff, students and external individuals.
"RoadSIDE Recovery" for Data Breaches & Requests for Information
For ad hoc emergency support should you have a breach or tricky SAR, register for 9ine's Incident Response. Sign up in advance and, like a car breakdown service, you only pay when you need help!