A good data protection program starts with good governance. Governance is the thinking behind the implementation of strategy and a key activity in any data protection initiative. Governance underpins compliance and accountability, and there are significant financial benefits that good governance can bring to schools and organisations.Good governance enables you to manage and protect the personal data of individuals and enables you to really focus on the essential data you need. By following a granular approach to meeting your legislative or policy obligations it becomes easier to identify areas of inefficiency in your use of data. Once you’re effectively managing your data, you can use it in a positive and holistic way that benefits your school.
When considering implementing a data protection program there are several questions you should ask:
- What do I want to achieve?
- What type of framework should I implement?
- Who needs to be involved?
- What type of information is my school collecting?
- What value does good governance provide?
- What tools and resources are available to help my school move forward?
What do I want to achieve?
Most schools will respond to this question by saying “I want to achieve good data protection”, the challenge is understanding what “good” actually means. By following a common data protection framework schools can benchmark themselves against other schools and track their own progress. 9ine has worked with 200+ schools across the globe, including those with large international enrolments and school groups. We have an in-depth understanding of the different objectives that various types of schools and organisations should be aiming for, depending on what stage they are in during their data protection program.
What type of framework should a school implement?
It’s essential that your school adopts a consistent management approach for governance, risk and compliance (GRC) in the area of data privacy and protection. When considering the type of framework your school will follow, keep in mind that the European Union’s GDPR is considered to be the global gold standard in data protection and that the most robust, tried and tested data protection frameworks will be modelled on a framework supporting GDPR compliance. 9ine’s Data Privacy and Protection framework has been developed specifically for the education sector and has evolved since the introduction of the GDPR to suit the needs of schools processing subject data covered by many different jurisdictions. It is true that most organisations experience similar challenges, but schools do have specific concerns, especially when it comes to managing the responsibilities of caring for children and balancing safeguarding and data protection.
9ine provides free, virtual leadership training workshops in the areas of data protection & security and systems in education designed to assist internal data protection teams understand changes in global and local data protection law.
Who needs to be involved?
Governance ensures that everybody knows what their roles and responsibilities are and is where the provision of organisational and physical resources flows from. It’s an important part in evidencing management accountability. You should have a complete set of education specific governance roles and responsibilities and be able to identify escalation paths. You will also need to keep a training record to evidence training and understand the strengths and weaknesses of the expertise in your team. Understanding roles and responsibilities means that your team can communicate concerns, issues and problems with data to the individuals that can influence change.
What type of information is my school collecting?
We know that information is the driving force of any school. Good governance in data protection gives you a full picture of how data flows across your school and should record your school’s inventory of processing activities. Having a centralised record of processing activities reduces risk in your organisation and allows you to confidently identify and manage the personal data of your data subjects.
What value does good governance provide?
A well-executed governance program will provide information that will allow you to improve and track the improvement of your compliance program over time. Calculating the value of governance in data protection protection requires three essential steps:
- Do the research. Make good estimates of the number and types of records you have the potential to lose.
- Decide how to operate your program. One of the largest controllable costs in a data protection program is the level of effort associated with event triage. Failure to expend the necessary effort may result in increased regulatory exposure, so it’s important to get this part right.
- Measure and adapt your program over time.
When making decisions about how to operate your program there are two options: find and retain the in-house staff to build policies and tune them or find a service provider who will take over the burden of both policy creation and triage. 9ine’s GRC platform makes it easy for schools to choose the first option while providing exemplar policies and procedures and an incident triage tool. It is the number one global platform, trusted by schools big and small to demonstrate accountability with privacy compliance. This means schools can effectively maximise in-house resources while receiving all the benefits of an external consultancy.
What tools and resources are available to help my school move forward?
Good governance allows education technologists to accelerate digital transformation and confidently invest and facilitate innovation in the areas of education technology. With the breadth of activities required in data protection, it’s easy to feel as though you only just have enough time to keep on top of things, rather than drive the school forward. GRC technology, such as the 9ine platform can help to simplify the way you manage data privacy and protection, streamlining tasks, providing visibility and increasing efficiency, leaving you with more time to move your school forward. 9ine’s GRC software automates risk and compliance processes for data protection, safeguarding and security and systems in education. Quick to implement and easy to use, with continuous support the platform empowers school leaders with a common framework for data protection, IT and safeguarding that is adaptable to suit global compliance regulation.
Good governance means that the quality of your data is improved; it improves trust in your school brand, provides data driven analysis that can be used for objective decision making, reduces the risk of overspending in IT and also plays an important role in school business continuity.
ABOUT THE AUTHOR:
Olivia Malaure is 9ine's Head of Content Marketing and has worked in the education sector as both an educator and marketer for 20+ years. Prior to working in edtech marketing, Olivia worked in print media as deputy editor for a publication in the family and parenting sector. She holds a Bachelor of Dramatic Art and a Diploma of Digital Marketing (CIM).