Cloud Services and the Data Protection Act
The Department for Education has issued advice for schools on cloud software services and the Data Protection Act.
The advice “outlines how schools need to consider data security when moving services and sensitive information to the internet-based facilities of cloud computing”, the DfE said.
The publication, which can be viewed here, covers:
- Data protection obligations;
- Key obligations for schools: overarching legal requirements; data processing; data confidentiality; data integrity; service availability; data transfers beyond the European Economic Area; use of advertising;
- Self-certification and how it works: supplier responsibilities; the Department for Education’s role;
- Using checklists; supplier checklists; accessing further information.
The advice applies to all maintained schools, academies and free schools.
A major outcome of this DFE advice is self-certification checklists that companies supplying cloud software services can complete. Schools can use these lists to help them decide if they are happy to make use of a company’s services with reference to data protection. Links to these checklists can be found towards the end of the above mentioned publication in the section listed Supplier Checklists