Ensuring Data Compliance in the Education Sector
In May 2018 all education organisations will require to be GDPR compliant. This new legislation will effect the way schools, colleges and universities manage & store personal data.

Recarta have a deep understanding of GDPR obligations and can help any IT decision maker in the education sector remain compliant with their data storage and infrastructure.

12 steps to take to be GDPR compliant
Children and GDPR
  • Children need particular protection when you are collecting and processing their personal data because they may be less aware of the risks involved.
  • If you process children’s personal data then you should think about the need to protect them from the outset, and design your systems and processes with this in mind.
  • Compliance with the data protection principles and in particular fairness should be central to all your processing of children’s personal data.
  • You need to have a lawful basis for processing a child’s personal data. Consent is one possible lawful basis for processing, but it is not the only option. Sometimes using an alternative basis is more appropriate and provides better protection for the child.
  • If you are relying on consent as your lawful basis for processing personal data, when offering an online service directly to a child, only children aged 13 or over are able provide their own consent.(This is the age proposed in the Data Protection Bill and is subject to Parliamentary approval).
  • For children under this age you need to get consent from whoever holds parental responsibility for the child – unless the online service you offer is a preventive or counselling service.
  • Children merit specific protection when you use their personal data for marketing purposes or creating personality or user profiles.
  • You should not usually make decisions based solely on automated processing about children if this will have a legal or similarly significant effect on them.
  • You should write clear privacy notices for children so that they are able to understand what will happen to their personal data, and what rights they have.
  • Children have the same rights as adults over their personal data. These include the rights to access their personal data; request rectification; object to processing and have their personal data erased.
  • An individual’s right to erasure is particularly relevant if they gave their consent to processing when they were a child.
"Recarta where able to quickly identify all our data management & compliance pit holes and make cost effective recommendations. As a senior IT manager I know have complete assurance around every aspect of our data management. "
International private bank, IT Head.
Why work with Recarta?

Ensure your Data Structure is Compliant

Ensure your Infrastructure Licensing is Compliant

Ensure your Database structure is compliant

Ensure your hosted infrastructure remain compliant

Speak to an expert today
Need support to ensure your orgainsation can remain compliant? We've helped dozens of education organisations review their data management policies, infrastructures and databases. Call us today to talk to an expert and find out how we can help.