GDPR: Who is responsible?

General Data Protection Regulations (GDPR) raised many issues across our employers, but especially in West Sussex maintained schools. Branch negotiations officer Brian Walter takes up the story.

“Prior to GDPR, county schools had a nominated person responsible for data management in  their school. This would usually be the bursar or business manager. However, with GDPR being both a collective and individual responsibility, the scope of data management widened  considerably.

“Several members contacted us to clarify where they now stood because they felt existing  grades did not accurately reflect the increased responsibility. A couple of members helped gather the evidence we needed to support our case, allowing us  to present robust evidence to WSCC HR so the extra responsibility of ‘GDPR manager’ could be correctly evaluated.

Branch Negotiations Officer

Brian Walter

“Our reps and the branch office worked successfully together with the council’s HR service to produce a fully evaluated role description. This was sent out to members who had contacted  us for their approval.

“I’m pleased to say the job evaluation process produced a fair assessment of the extra  responsibilities involved. Our work now is to make sure all those members affected by this are told about the reevaluation and take steps to get their role profiles changed accordingly.”

“But this was a good outcome reflecting effective partnership working between the union and  the council.”