Despite high levels of awareness regarding the incoming EU General Data Protection Regulation (GDPR) only 22 per cent of schools, colleges and universities of the 500 surveyed felt their data protection policies were compliant. Furthermore, 70 per cent said that if they fell foul to a data breach, they wouldn’t be able to evidence that the correct procedures were in place.
The research, conducted by NW Security Group, sought the feedback of head teachers, governors, IT, security and facility managers in the North West of England to determine their awareness levels of, and adherence to, the GDPR.
Key findings:
- Only 22% of respondents believe their data protection processes are GDPR compliant
- 64% are aware of the GDPR but require further information regarding its impact
- 11% of schools, colleges and universities have experienced a data breach and not informed the Information Commissioner’s Office (ICO)
- If made aware of a data breach, 14% of respondents would ignore the issue and hope the problem resolves itself
- 31% of respondents don’t believe their employees and contractors are adequately trained in data protection
The survey also highlighted that only 16 per cent of educational institutions had fallen victim to a data breach, despite a rapid increase in attacks in recent times targeted at the sector.
Nigel Peers, Security and Risk Management Consultant at NW Security Group said, “these findings are concerning, especially considering GDPR’s imminent deadline. This is putting educational facilities at great risk of severe fines and reputational damage. There appears to still be a large amount of confusion regarding the regulations, and with 64% of those who’d heard of the GDPR still requiring further information, it is clear more work is needed to propel educational facilities towards full compliance.”
“Employees are a school, college or university’s first line of defence and if they are unable to identify what a data breach is, the likelihood of achieving GDPR compliance is dramatically reduced. That is why it was concerning to learn that, according to our survey, 31% of respondents didn’t believe their employees and contractors were adequately trained in data protection.”
To learn more about the state of GDPR readiness in the education sector, read NW Security Group’s latest white paper: The GDPR: Is your school, college or university compliant? https://www.nwsystemsgroup.com/gdpr-education-compliant