Tag Archives: gdpr training

#10 Staff Training and ‘Pseudonymisation’

Posted on by
Reply

If nothing else GDPR is helping to broaden my vocabulary – and now I’ve learnt what ‘pseudonymisation’ is I wish I’d included it in our staff training!

Backtracking a little, our previous post was about staff training. We completed this at the start of term and have, of course kept a register to make sure we have covered all staff. I’m pleased to say it was all quite straightforward and nothing came up that caused any surprises although there was some interesting discussion about what constitutes a data breach.

Going through the presentation made me realise how many parallels there are with how we treat staff training for safeguarding, which always concludes here at Chase Bridge with ‘if in doubt record it and report it’. The same can be said in some respects with reporting any data breaches: ‘if in doubt, report it’. The other parallel being with the role of the DPO and Designated Safeguarding Officer – it’s important everyone in the organisation knows who this is and what they do.

One aspect we missed out of the training was ‘pseudonymisation’. There are some technical definitions to this but simply it is where partial information is shared about individuals or groups. Schools and education services are used to doing this already, sometimes just giving a child’s initials in an email or leaving out other personal identifiers such as date of birth. ‘Anonymisation’ would mean that the recipient cannot find out who the message is referring to whereas ‘pseudonymisation’ means that the receiver can identify the person in question. This is something I will be encouraging all staff to do in future (although most understand this already) – in most communications it is not necessary to give all identifying information and in doing so could increase the risk.

A. King

#9 GDPR Staff Training

Posted on by
Reply
Our GDPR to-do list has Staff Training. With the summer INSET day programme on our first day back we thought this would be a good opportunity to brief all staff on their responsibilities.
Having given it a little thought we have come to the conclusion that for the vast majority of teachers and teaching assistants the training doesn’t need to be over-elaborate. Obviously senior staff and relevant governor(s) will need different more specific training linked to their roles. We have timed it to about 10 minutes. It is going to cover the following:
  • What GDPR is and a little bit of the context – we’re going to use a couple of minutes from the DfE video (but no more!)
  • In summary help staff to understand the responsibilities of the school leaders – governors, headteacher, the DPO – and the obligation to provide staff training
  • What GDPR means for all staff – when it comes to reporting a breach the message will be: if in doubt, report it
  • Finally a review of the key messages
  • … and that’s it!
At Chase Bridge all key policies and procedures go into our school handbook, which forms part of our induction procedure for all new staff and is published annually with updates on our school website, so the GDPR policy and protocols will eventually find its way into that document. All staff are reminded of its contents annually and receive updates on any additions or amendments.
The PowerPoint being used on our INSET day is available here for download – hope you find it helpful.
Happy training!