Compliance To Do List

 Download List

1.     Have we evaluated our current practices and procedures to ensure that they meet the demands of the Acts? 
2.     Have we completed a risk assessment data protection audit using the Compliance Checklist?  See Auditing through a Compliance Checklist
3.     Have we appointed an individual to oversee responsibility for data protection?

Have we developed an internal data protection policy?  See Data Protection Policy Template

Note to ETB schools: the school’s data protection policy shall be promulgated by the ETB and handed down to the school board of management to be ratified and adopted.  In this way, all ETB schools in a ETB area will have consistent Data Protection Policies. 

5.     Is a copy of the school/ETB Data Protection Policy sent to all parents/students at enrolment, at the beginning of each academic year and/or when the policy is updated as appropriate in the school/ETB?
6.     Have we developed and adopted a Personal Data Security Breach Code of Practice in case things go wrong? See Personal Data Security Breach Code of Practice Template

Where we have third parties processing personal data for us (e.g. CCTV monitoring companies, external HR/payroll companies, cloud computing, off-site archiving etc.), do we have written data processing agreements/service level agreements in place? See Content of Service Agreements

Does this data processing agreement/service level agreement incorporate our school/ETB Personal Data Security Breach Code of Practice?

8.     Awareness and Training: Are all staff aware and have they been properly on their data protection responsibilities? Are all members of staff aware of the school's/ETB’s Data Protection Policy and the Personal Data Security Breach Code of Practice? Are refresher courses required?
9.     Are we aware of our security obligations and are we keeping our data safe? Do we have adequate security measures in place such as password protection and an adequate level of encryption?(Note encryption is essential on portable devices holding personal data such as laptops).  
10.   Are all staff, parents and students aware of the Guidelines for Taking and Using Images of Children in our School/ETB?
11.   Have we developed and adopted a School/ETB Enrolment Data Protection Statement?
12.   Have we developed and adopted a Personal Data Rectification/Erasure Request Form
13.   If our school/ETB has a website that collects data from visitors to the site, have we developed and adopted a Website Privacy Statement in consultation with our website designer/provider to ensure that they are correctly and fully disclosing all the information which our school/ETB website gathers and uses and asking for consent where we use cookies? See Website Privacy Statement Template
14.   If our school/ETB has or intends to have a CCTV system in place, have we carried out a Privacy Impact Assessment (see the appendix to the CCTV Policy Form) and have we developed and adopted (in consultation with all relevant parties) a CCTV Policy? See CCTV Policy
15.   Do we have a retention policy in place, and are all members of staff aware of and fully trained in relation to the Records Retention Schedule? See Records Retention Schedule