• Sentry

    Compliance Dashboard

Sentry – Be Confident with Compliance

For an organisation to be fully GDPR compliant it must take action across many fronts. Personal data, managed poorly, can have negative consequences for individuals. Some of those consequences may be trivial while others may be extremely serious. Data Protection is a process of risk management to minimise the chances of those negative consequences occurring.

Compliance means that you need to identify and rate the risks, then look at means of mitigating them. You need to have a monitoring system in place and be ready to take corrective actions.

The Compliance function in the Sentry system is built on the guidance produced by the Information Commissioner’s Office “ICO”. The work required crosses all areas of an organisation and reaching full compliance takes time and effort.

Let’s look at an example – data sharing

You may not need to complete all of these sections. For example, the ‘Processor’ section is aimed specifically where you are acting as a data processor on someone else’s behalf. This can happen in some federations, or if you’re supporting another data controller. For most schools and trusts it’s not required.

You’ll also note a specific section on CCTV. Clearly if you have no CCTV then this section can be skipped.

We’ve picked the Data Sharing tab. You’ll see that this opens up another group of tabs. To be fully compliant there are 10 measures you need to put in place. Now let’s look at the first of these measures, the Data Sharing Policy.

Data Sharing Policy

The requirement listed is reasonably clear “Your organisation should have communicated policies, procedures and guidance to all staff that set out when it is appropriate for them to share or disclose data.”

We know that schools are asked to share data on a regular basis for areas like healthcare, educational and pastoral support and for students to have the opportunity for enrichment activities. This compliance requirement means that you need to have a policy document that allows staff to know when information can be shared.

Other measures then require that, for example, you have a named person taking responsibility for data sharing, that staff are trained, that you record sharing arrangements. Each measure is accompanied by descriptions of the requirement. Your data protection officer will be able to provide more advice on the requirements.

The notes and files section allows you to record information about how you’ve complied with the task. In this case you could upload a copy of your Data Sharing Policy.

The other parts of the Sentry system will allow you to comply with other requirements. For example. each data sharing partner should be recorded in the Suppliers section of the system. The activities for which the data is shared will be recorded in the process mapping section.

MORE INFORMATION

Download the Product Brochure

Visit the Sentry Page

Contact Us