In Term 2, the Trust commissioned a Data Protection audit to evaluate the effectiveness of its current processes and procedures. This audit aimed to proactively enhance the management of staff and young people’s data, ensuring that the service remains focused on being ‘child first’ in all its operations.
Here are some of the highlights from the audit:
To lead Data Protection efforts, the Trust has designated compliance personnel who ensure that Data Protection is fully embedded in each school’s daily practices. The audit included discussions with both a long-standing school within the Trust and a recently onboarded school, providing a comprehensive review of Data Protection implementation across different contexts. It was evident that GDPR leads make up a core part of the Trust culture and staff understand their responsibility.
The Trust has adopted a robust approach to managing new processes through a tiered Data Protection Impact Assessment (DPIA) process, which is considered best practice. New systems and programmes integrated into the Trust’s functions undergo thorough assessment to ensure compliance and security.
As part of the induction process, all new staff receive GDPR in education training, which is tracked and reported to the Audit and Risk Committee. Training is provided on a tiered basis, with the type and frequency of training related to the staff’s access to personal data. Additionally, all staff complete annual cyber security training.
The Trust recognises the importance of security when processing the personal data of vulnerable groups. When such data is processed, the Trust implements a robust DPIA procedure to ensure appropriate safeguards are in place.
Through these comprehensive measures, the Trust has demonstrated its outstanding commitment to data protection and its proactive approach to continuous improvement, ensuring the highest standards of data security and privacy for all stakeholders.