As a new headteacher, there are lots of things I don’t know – and the last two terms have highlighted such things on plenty of occasions. Having been a teaching deputy, the move to completely outside the classroom has been a real shock to me, and highlighted the huge amount of stuff that headteachers deal with that I just never thought about before.
As a teacher, even as a deputy, I never thought for a second about asbestos surveys, or electrical cabling, or lettings agreements. To be honest, I didn’t spend a huge amount of time thinking about the budget either. But at the back of my mind, I knew that these things would come, and perhaps more importantly, I knew there would be other heads there to help me.
But occasionally, turning to my headteacher colleagues within the academy trust, or the locality group – or even across the country via social media – can turn up a blank. There are just a few cases where as much as I feel on my own with things, I know too that other heads are feeling the same. The latest case in point is GDPR: the General Data Protection Regulations.
There’s no shortage of advice on the internet about data protection – much of it largely designed to get you to buy in the services of the experts at some considerable cost. Similarly, there are generic advice guides such as that produced by the Information Commissioner which includes such gems as “You should identify the lawful basis for your processing activity in the GDPR”. While I’m sure that’s true, strangely enough my NPQH training didn’t include much detail on the lawful bases for processing data.
There is some small comfort in knowing that other heads feel equally unprepared for this shift – although it’s very small comfort indeed. I speak as one of the lucky ones: as a head in an academy trust, I can rely on the support of the central team to take on some of the responsibility. We have a centrally-appointed data protection officer who can support heads in the schools. Many of my maintained school colleagues are struggling to find someone to take on that very important – but risky – role.
The guidance seems contradictory: can your business manager take on the role? Does the DPO need to be employed all year round? What about small schools where the admin team might consist of a single part-time employee?
And while local authorities might once have acted in the role that academy trusts now can, the fragmentation of the maintained sector makes even that impossible. Heads feel alone and uncertain, yet constantly reminded of the potential for huge penalties if mistakes are made.
Given that thousands of schools all over the country will be facing the same challenges, you might expect that the Department for Education would be making tools available to support schools with making decisions, carrying out audits and clarifying contracts. Surely there must be thousands of schools using common software to store and exchange data; could the DfE have set up model contracts for all schools and suppliers to use, or at least created a central database of suppliers to show how they are meeting the GDPR requirements. But apparently not. It is left for each school or academy trust to do this work itself.
It won’t go unnoticed that this lack of central support that leaves schools duplicating work, taking on significant administration and adding hours to the work of school leaders comes at the same time as the department shares its messages about reducing workload. I wonder if they spot the irony?
Michael Tidd is headteacher at Medmerry Primary School in West Sussex
The Tes guide to GDPR can be found at tes.com/GDPR