GDPR is looming large on the horizon, and it has probably got you reviewing how you handle personal data, in particular how you can better protect it from being lost or falling into the wrong hands. The risk of data being lost increases greatly when data is copied onto laptops or memory sticks and is then taken outside of the school. And if those laptops or memory sticks are not encrypted, then the chances of the data falling into the wrong hands increases as well. So what can you do to protect against such a disaster?
- Don't keep any personal data on unencrypted laptops that might be taken out of school. In other words, if there is nothing you can do about the laptop, then just take the data off of it.
- Upgrade laptops to Windows 10 and fully encrypt with BitLocker. By doing this you can rest assured that if a laptop is lost, the data can't fall into the wrong hands.
- Store the data in Office 365 and only access and work on it there. In other words work on it online and don't download it.
- Try to avoid using memory sticks altogether for storing data. Memory sticks are just too easy to lose. Also they get broken, corrupted and infected with viruses that they then pass on. If you must use one, make sure it is encrypted.
How Does GDPR Change Things?
In some ways GDPR shouldn't really make anything different than it was before. Losing personal data was a bad thing before GDPR, and it will still be a bad thing after GDPR. Where GDPR changes things a bit is that it requires schools to be aware of where all their personal data is, and to be able to delete it or update it if required. In other words it is not a good idea to have personal data scattered across 10 different laptops, maybe in multiple copies of the same spreadsheet. Hence why storing documents centrally in Office 365 is a good idea. One document and one set of data but accessible by multiple teachers, be they at home or in school. As everyone can collaborate on the same document, you don't end up with multiple copies, maybe with slight variations so you start wondering which has the correct data. And because everyone can access the document from wherever they have an internet connection, then there is no longer any need for documents to be copied on to laptops or memory sticks so they can be taken home to be worked on after school.
If you'd like to discover more about how Office 365 can help with data security and management then please read this previous article: Office 365 Security and Compliance Features. For example you might want to consider enabling multi factor authentication on any Office 365 accounts that have access to particularly sensitive personal data.
And if you're worried about whether you're data is safe in Office 365, then please see this article: Office 365 - Is My Data Safe?
Windows 10 BitLocker - If you have laptops that will hold personal data they need to be encrypted. Ideally, laptops should be encrypted whatever. Just in case someone puts personal data on one and then takes it off site. So that's Windows 10 and BitLocker.
Office 365 - Consolidate data storage, share it securely and access from anywhere. This prevents the creation of multiple unknown copies that may then be stored on portable devices that can be lost.