I am posting the following here at the advice of out Account manager. It relates to a number of iSAMS modules and issues we have in applying GDPR principles with the tools provided within iSAMS.
Under GDPR good practice we wrote a list of the data we hold and our desired policy for managing that data, but paused our thinking when it became clear iSAMS did not have the required functionality. The following, therefore, is a considered but not necessarily complete list, with the decisions being itemised based on best-practice data retention model policies for schools.
Registered students:
On leaving school - end of each academic year - Emergency contact's data; passport data; any data held on banking details.
Aged 25 years, or 6 years from leaving, whichever is earlier - end of each academic year: Health and Medical Centre records; parental addresses; internal exam results; grading; reports; baseline data (tracking); academic profile (set history); entrance exam and admissions details; registration data (attendance); reward and conduct records.
Aged 35 years - SEND records
Never: Name, Date of Birth, House, Parents' Names; Date of enrolment; Date of leaving; Public Exam results; School colours etc. records
Admissions - students who do not join
5 years from last query or aged 18 - all records. (We can do this at the moment through nested query but that is a job that should be more-easily automated)
Staff/HR
On leaving employment - Next of kin details
6 years from leaving - absence records, health records, bank details/payroll etc. qualifications
Never: Name; Date of Borth; House; Role; Date of Start and End. Serious disciplinary records of potential interest to wider authorities
Staff - non joiners (typically get offered a role but never start)
5 years from last query - all records
Private candidates in Exams Manager
An efficient mechanism for managing old data is required, based on date of last update to that data
Additionally:
Less a GDPR issue but more a challenge for good management of the systems, there is no obvious way to clear out old data for:
Internal Exams - old cycles
Old calendar Events
With 14 years of data in these modules they are slow and unwieldy and it is only going to get worse.
