From education to employment

GDPR compliance not just for corporates

Rakesh Shaunak, Head of Further Education, MHA MacIntyre Hudson

How UK colleges should prepare for the General Data Protection Regulation (GDPR), which takes effect in May 2018.

As we move into a digital age, our personal data, who has access to it and how it is used, has become a global concern for all businesses, and the further education sector is no different. With the deadline now only less than nine months away, UK colleges need to be fully aware of the huge scope of the GDPR and the punitive fines for non-compliance.

The GDPR aims to create a cultural shift to strengthen citizens’ rights and give them more control over how their data is used and stored. While GDPR is an EU regulation, the UK government has stated that the new data protection Bill will be aligned with GDPR, so even after Brexit any organisation handling data must still comply.

The first step should be to assess the need for compliance and budget accordingly. Many colleges haven’t yet considered the cost implications of compliance and how to deal with emerging needs. The UK is lagging behind countries like Germany, where a number of practices covered by GDPR have long been commonplace, and we have a lot of work to do to catch up.

Budgeting for GDPR will include recruiting and training personnel, and this should start with the appointment of a data protection officer. Some colleges may be able to train from within, but others will need to recruit.  Resources need to be dedicated to ensure appropriate data management policies, and agreements will be required for staff to consent to the collection of their personal data.

Rapid reaction, comprehensive reporting policies need to be introduced, as the GDPR requires that any serious reporting breaches, where there is a risk to affected individuals, are referred to the Information Commissioner Office (ICO) within 72 hours. Policies will need to cover how to detect, investigate, respond and report data breaches when they occur.

Although the GDPR means varying degrees of work and resource for different colleges, its introduction will benefit both individuals and organisations through better security and more accurate information. With the correct approach and early preparation, colleges should be able to meet the new requirements without difficulty.”

Rakesh Shaunak, Head of Further Education at MHA MacIntyre Hudson

About MHA MacIntyre Hudson: A top 20 UK accounting firm, offering a full range of compliance and advisory services to entrepreneurial businesses, groups and multinationals with operations in the UK, and now to offshore investment funds. The firm has 89 Partners and over 580 staff in fifteen offices in London, the South East, East Anglia, and the Midlands and in the Cayman Islands. MHA MacIntyre Hudson is the UK member of Baker Tilly International, one of the world’s largest leading networks of independently owned and managed accountancy and business advisory firms.

Related Articles