We hope that you had a great Christmas break and a well-deserved rest with friends and family! A New Year often brings renewed focus on old challenges and a resolve to tackle new ones so we wish you all the best of luck in whatever you have chosen as your resolutions for this year!
This month’s newsletter features a reminder of our advice on data protection and Brexit, as well as information regarding security for your IT systems if you are using Windows 7 including some general advice around IT and email security. We will also be reminding you about how to avoid potential fines from the ICO by registering us as your DPO with them.
If you have any further questions about the topics below, or if you would like to book your next visit from us, please get in touch. Happy New Year and we look forward to seeing you in 2020!
ICO Registrations – Register SchoolPro as Your DPO
We have mentioned ICO registrations in previous newsletters so hopefully you are up to date with your ICO registration as a school! This is something that we are checking prior to visiting you and discussing with you if it needs urgent attention.
Last month we discussed ensuring that your school is registered on the correct tier. This month we want to discuss ensuring that you have your DPO registered with the ICO. This is a requirement and businesses are starting to be fined if they have not registered their DPO – we want all of our schools to be prepared and not at risk. We are also aware that there are companies targeting schools that haven’t got a registered DPO on the ICO register with marketing emails designed to create worry about the situation. We know that many of you have already added us to your ICO registration but if you haven’t yet, the solution is simple:
Send the following text to this address: dataprotectionfee@ico.org.uk with the subject line “Add a DPO” and they will sort it for you:
“Dear ICO,
The registration number of our organisation is [insert ICO registration number here] and we are required to provide the details of our DPO.
Please could you add our DPO details (below):
SchoolPro TLC Limited
c/o Harper Sheldon,
Midway House Herrick Way,
Staverton Technology Park,
Cheltenham,
Gloucestershire,
GL51 6TQ
Contact:
GDPR@SchoolPro.uk
http://SchoolPro.uk
Phone: 02032909093 / 01452540608
Many thanks for your help with this, if you need any further information please do not hesitate to contact me.”
If you have any questions about this, please contact us and we can help!
End of Windows 7 Support – Staying Secure
Microsoft ends Windows 7 support: What should you do? – BBC.co.uk
As of this Tuesday (14th January), Microsoft is ending its support of Windows 7 to allow it to focus on newer technologies. This has been in the mainstream news as you can see from the BBC article above and has been flagged by Microsoft for a long time. However, the deadline has now been and gone! This is also the case for Windows 2008 for Enterprise Servers which is still used by some organisations.
If you or your school are still running on Windows 7 or Windows 2008 Enterprise, you will no longer have support for the latest updates, patches and fixes which opens your system up to potentially very serious security risks and vulnerabilities. This puts your data at risk and so needs to be considered seriously. Updating to a more up-to-date version of Windows which is still supported will reduce this risk. We appreciate that there is a financial cost to this but the cost of not upgrading could be even higher!
It is, of course, good security practice to ensure that you are running up-to-date software and have all of the latest patches and updates installed to counter the latest security risks and vulnerabilities. Many organisations are very good at this and it is a standard part of their IT practice but there are a lot of organisations out there that are still not keeping on top of this. If you are unsure about your school, we ask you to speak to your IT support provider to get assurances as to how they are managing this for you.
As well as the systems themselves being up to date, it is important that your staff understand the latest risks to help limit the possible breaches you could suffer as a school. Email is still one of the highest risk areas in schools and it is important that all school staff understand this and how to mitigate their own risk. Some really useful advice around email security and phishing is below and this is something we can discuss with you on future visits and training sessions:
Email Security (Part 1) – reformit
Email Security (Part 2) – reformit
New Phishing Tracker For Office 365 – reformit
Real-time Phishing Protection Now Available in Chrome – reformit
Data Protection and Brexit
Another topic that we have mentioned in several newsletters but with the Brexit date finally looking to be imminent at the end of the month, we just wanted to reiterate a few key points:
- The most likely scenario at the moment seems to be that we will leave with a deal at the end of the month which should mean business as usual for your data, at least until the end of the transition period, currently scheduled to the end of this calendar year.
- If a no-deal exit occurs at any point in the process, the biggest impact will affect you receiving data from the EU if, for example, you are arranging exchanges or ski trips within the EU, or, if you have data stored in another EU country. If you are likely to be receiving data from a data controller within the EU (not from an individual but an organisation), then you will need to ensure that you have the appropriate standard contractual clauses (SCCs) in place if they aren’t already.
So, as things stand, it looks likely that there is no action required for the short-term but that isn’t to say that being prepared is a bad idea either. If you do have any questions about this, please contact us. Also, a reminder that further advice can be found here:
Prepare Your School for Brexit – DfE’s general Brexit guidance for schools
Brexit Guide: Data Protection for Education Providers – DfE’s guidance on data protection and Brexit for education providers
Data Protection and Brexit – ICO’s advice on Brexit
If you have any questions about this, please contact us and we can help!
GDPR in the News
Over 1.2B profiles found in unsecured server shows severity of data collection by tech firms – appleinsider
Over Half of Businesses Don’t Respond To GDPR Requests On Time – reformit
GDPR sows confusion in schools – The Times
First fine issued under new data protection regime – The Law Society Gazette
The worst passwords of 2019 are as bad as you expect – TechSpot
Please contact us if you do have further questions at GDPR@schoolpro.uk.
SchoolPro TLC Ltd (2020)
SchoolPro TLC is not responsible for the content of external websites.