The process in which organisations request school pupil data has changed to reflect the introduction of the General Data Protection Regulation (GDPR) in May this year.
GDPR changes the way all organisations, including academic and public institutions, can collect and use personal data, as well as increasing the penalties for those who fall foul of the new rules.
To comply with these changes, the Department for Education (DfE) has asked that all organisations, including researchers, academics and businesses, first register with the Office for National Statistics (ONS) before they can request information from the national pupil database – which holds information on more than 21 million existing or former pupils.
Before data can be accessed, organisations must be accredited by the ONS as an “approved researcher”, of which there are around 500 currently.
While reception of the new data privacy process has been widely positive, experts agree with concerns that the ONS is simply not equipped to deal with a large number of applications for data and accreditation over the coming months and years.
Philip Nye, from Education Datalab, said: “I’d say that it’s a step in the right direction, to a more secure set-up.
“But we’ve got concerns in the short-term given the speed with which the new system has been brought in, especially around the capacity of the ONS team to handle the additional workload that’s going to be coming their way.”
Likewise, commentators have also warned that the Government is not doing enough to protect student data and have called for increased transparency.
Jen Persson, from campaign group Defend Digital Me, said: “Users will still have access to data on millions of children, including names in some instances. We will continue to call for transparency so children and families know where their data goes.”
Commenting on the new system, a DfE spokesperson said: “We worked with the ONS to ensure efficient handling of the new workload and we remain confident that this will make accessing data faster and easier, as well as increasing data security and improving public trust.”
For now, however, schools and academies should ensure that they remain compliant with new data regulations and be prepared to adapt to future changes, best achieved by implementing a dedicated data protection officer.
Gill Freeman, Partner at Milsted Langdon, said: “It is vital that academies get up to date with the latest data protection regulations.
“If you are unsure about anything regarding data protection it is important that you seek specialist advice.”
For more information about how Milsted Langdon can help, please contact Gill at email@example.com or by calling 01935 383500.