The school is a privately funded educational establishment that provides a nurturing learning environment for both primary and secondary school children.
As a caring and responsible educational community, the school welcomes and values every student, providing a variety of benefits to children and their parents, including an exceptional and challenging educational experience enabled by special extracurricular courses and activities, a personal approach, smaller groups of students, involvement of parents in the community, dedicated and engaged teachers, state-of-the-art resources, and a safe environment with constantly evolving support of the community.
"ROBUS helped us identify the personal data – some sensitive – that we process, who we share it with and how long we should keep the data for. The inbuilt practical help and guidance, on how data can and cannot be handled or published, is invaluable."
To teach children the skills necessary in the ever-changing world, many parents are choosing private school education in Europe as well as around the globe. For instance, a total of 32,163 schools provided educational services in the United Kingdom in 2021, of which 2,461 were privately funded.
As an education provider we respect the privacy of our students, their parents, our guests, partners and our staff and all who visit our school and website. Their personal information is never sold, leased, rented, or otherwise disclosed in any manner to any entity without prior consent unless otherwise required by law or as may be necessary as part of regulatory compliance.
We take our obligations to safeguarding children and young people’s personal data seriously and appreciate that they have the right to say how their information is used. ROBUS Data Governance gave us a clear map of all our business processes that involve our students’ data and allowed us to act on best practice by assessing if the data is relevant, accurate and processed in a manner that ensures security and confidentiality.
The GDPR makes schools and any other educational organisations more accountable for the data they collect and maintain and provides individuals with guaranteed rights concerning their personal data.
Any relations with third parties and pupils handled by school employees or personal data of guests must have data processing agreements in place. As most of the data managed by schools is related to the pupils who are children, requirements for data safety and proper maintenance are even higher compared to adult data.
Any data subject can exercise certain rights with regard to personal data, i.e. to ask a school to provide all the data related to an individual or to delete it within 28 days from the date of request.
DPIAs are required if data processing activities of an organisation could pose a risk to the rights and freedoms of individuals.
GDPR compliance is crucial for preventing data breaches, which in turn is paramount to the security and safety of pupils and staff alike. Moreover, if a school does not comply with the GDPR legislation, it runs a number of risks. A serious GDPR data breach can result in warnings and reprimands, increased fines, temporary or permanent bans on data processing, rectification, restriction, or deletion of data.
If a personal data breach takes place, a DPO may need to inform the Information Commissioner’s Office (ICO). Under serious circumstances, the DPO has to inform the individuals whose data has been put at risk.
Under Article 8 of the GDPR, processing of the personal data of a child shall be lawful if the child is at least 16 years old. Where the child is below the age of 16 years, consent to data processing must be given or authorised by the parents.
Most data breaches in schools happen due to simple human mistakes, such as forgetting to put the parents' email addresses in BCC, which makes all contacts visible to others. More tangible cases could also occur, involving more sensitive data. Regardless of the reasons, a breach must be investigated immediately.
The process should involve determining whether the breach should be reported to the supervisory authority. Simply put, this is the case when an individual may face social problems (including bullying), economic issues, financial or reputation losses, and fraud.
A pupil or an unauthorised employee finds a teacher’s laptop unlocked and accesses personal files.
A member of staff sends an old PC to be destroyed without wiping the hard drive.
An administrator sends an email containing personal data to a wrong recipient.
Someone accesses the school’s payroll system and enters incorrect information about staff pay grades.
The school faces a power cut that shuts down access to the information available only electronically.
Being an establishment that cares for not only the education but also the safeguarding of young people, the school processes a large amount of diverse special category data (both on paper and electronically) that needs to be kept secure and compliant.
The school has several departments that risk having siloed data repositories with no holistic overview. It is critical to have clear guidelines on the collection, risk assessment, processing, and storage of special category data.
The school shares a significant amount of data with the central government’s education department, health and social services, as well as other schools. Data sharing has to be performed lawfully and documented correctly.
Pre-installation of ROBUS, BDO delivered a holistic data protection health check, which identified the areas our organisation needed to improve upon and drove internal awareness to our data protection obligations and how ROBUS would underpin our ongoing compliance.
As ROBUS drives us to follow best practices for data protection, we were able to control how we collect data and how we manage it.
Consistent processes and automated controls provide a framework for the efficient use of resources. Real-time information flows facilitate quick and informed decisions. Requests of data subjects and breach reports are related to data assets and service providers, strengthening the data privacy compliance of your organisation.
ROBUS works effortlessly with Outlook, SharePoint, and OneDrive. We are immediately notified via email if a new subject request is submitted or if a potential data breach is identified and recorded in ROBUS. The ability to easily link a ROBUS record to a file or data set within our work areas such as SharePoint or Outlook gave us one record of a sometimes-sensitive activity. This helped harmonise data protection business processes that can sometimes be unruly and disparate.
ROBUS is intuitive, easy to use – an end-to-end data protection programme. The system is built on the requirements of the Data Protection law, and ROBUS guides us through it. The completion of a data protection impact assessment takes a third of the time, from the initial assessment of our data risks to managing the actions needed to reduce them, as ROBUS lets you link asset to supplier and location, removing the need to re-write the same information over and over again.
All risks and actions input into ROBUS roll up to an organisation-wide risk register, allowing for effective risk management.
The implementation of the tool went smoothly and all school staff members could experience tangible benefits of the system from the first day of use.
The school successfully used ROBUS to bring together a variety of data processing activities, allowing the management to see the current situation and prioritise continuous improvements in data protection compliance.
Since ROBUS’ implementation, the efficiency and speed of the DPO in monitoring the school’s GDPR compliance have significantly increased. The user-friendly interface allowed everyone in the school to log data into the system without difficulty or data duplication.
All data was migrated and organised in a short time, as the programme was tailored to the specific needs of the school. Particularly with ROBUS running on Microsoft Stack, the implementation was very easy: the software already in use at the school, such as Outlook, SharePoint, OneDrive, and Teams, was successfully integrated with ROBUS, and all processes were synchronised.
An important criterion for choosing ROBUS was the price. There was a flat annual subscription amount of 10 K Euro without subsequent price adjustments or additional payments, which made financial planning much easier.
ROBUS allowed us to create business streams that effectively convey responsibility and ownership across the business. In addition, ROBUS created a clear overview of risks and mitigation measures.
ROBUS Data Subject Access Rights (DSAR) functionality manages and records the full lifecycle of every document. From the request and proof of authority and identity to the fulfilment and approval, ROBUS enables companies to demonstrate compliance with global privacy standards.
With the ROBUS subscription, your team gets access to the onboarding training to quickly learn how to work with the system, its capabilities, analytical dashboards, and requirements. ROBUS applies a customer-focused approach to every client, so you can rest assured that your company will be treated individually to deploy the system fast and smoothly for the whole team.
The ROBUS interface is available in German, Italian, French, and more than 100 other languages, so your team members do not need to speak English to work with the programme.
Data Privacy assessments simplify and manage your DPIAs by notifying the Data Protection Officer of any new processes, triggering an automated review cycle and providing an instant oversight to the Board for approval.
You can have up to 5 different levels of access to the system to manage each employee group separately, taking into account the level of involvement required for every document or project.