In line with the four-year anniversary of the General Data Protection Regulation (GDPR),

“While GDPR has had a huge impact on the privacy rights of millions inside and outside Europe, it hasn’t altogether stamped out the problem of how to truly protect individuals’ data – particularly not in the education sector. Yes, it reset people’s views on the data they held; yes, it clarified where the accountability lay when it came to data breaches; but did it make expert educators specialists in cybersecurity overnight in 2018? Not at all. In fact, in many schools and colleges, the cybersecurity basics are still missing. The reason being that the implementation of GDPR had a “big bang” effect for schools, colleges and academy trusts, in that it was very “blink and you’ll miss it” and the public sector simply could not be that responsive – it’s too disparate.
“What would instead be more useful for the education sector is a model of continuous improvement, one in which standards could evolve in line with technological development, and schools and governors had the time to upskill themselves in line with those changes too. Without one, we risk educators getting lost in a vicious cycle of panic followed by complacency and back again. Ultimately, legislating against the misuse of data has been effective in making particular technologies more ubiquitous, but it has done little in terms of social engineering to inspire real – and arguably more effective – behavioural changes. Once we have a regulation that encompasses the golden triumvirate (i.e. technology, legislation and social engineering all working together) schools and colleges can start making lasting changes, rather than temporary quick fixes.”

Nelson Ody, Cyber Security Product Manager, RM