DPAT Test For Schools



Your institution has an appropriate data protection policy:

No we don't have the policy
We are planning on it
it's in the process of being implemented
Yes we have the policy




Your institution provides data protection awareness training for all staff:

  No, we have never provided the awareness training
We are planning on giving the training
Yes, we have provided training for some of the staff
Yes we have provided the training for all staff




Your institution has a written contract with any processors you use:

No we don't
We are planning on it
It is in place but not written
yes we have a written contract with processors




We process sensitive personal data or data relating to children or vulnerable groups:

  No, we don't
We do it sometimes
We do it regularly
Yes, we do




Your institution manages information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively.

No we dont
We do it at times
We regularly do
yes we do




Your institution has implemented appropriate technical and Institutional measures to integrate data protection into your processing activities;

No we don't
Sometimes
Regularly
Yes, we do




Your institution understands when you must conduct a DPIA and has processes in place to action this:

No we dont know when
We have conducted a DPIA long ago
We conducted DPIA regularly
We conduct DPIA when necessary




Your institution has a DPIA framework which links to your existing risk management and project management processes.

No we don't
We are working on it
Yes we have a framework in place




Your institution has nominated a data protection lead or Data Protection Officer (DPO).

No we have not nominated a DPO
we are planning on nominating a DPO
we have a nominated a DPO




Decision makers and key people in Your institution demonstrate support for data protection legislation and promote a positive culture of data protection compliance across the business.

  No, they dont
Some of them do
Most of them do
Yes, they do




Senior leaders understand their responsibilities and have attended detailed training:

No they do not and have not attended a detailed training
some of them understand their responsibility
They understand their responsibilities but have not attended a detailed training
They understand their responsibility and have attended detailed training




Administrative staff understand their responsibilities:

They do not
They are plans in place
They are being educated
They are fully aware




Teaching staff understand their responsibilities

The do not
They are plans in place
They are being educated
They are fully aware




There is a record of which staff have taken Data Protection training and when

No there is not.
plans are in place
We are collecting the data
Yes we have the records




We have appointed a data protection officer who is impartial.

No we dont
We are looking for one
We have a recent one
we have always had one




The DPO’s contact details have been shared with all data subjects

No we dont
has been shared to some
has been shared to majority
Yes we do




We have reviewed all our data processors – everyone we share data with and the software we enter data into

never have we reviewed them
we are planning on reviewing them
we are reviewing them
we have reviewed them




We have also reviewed software and apps used in classrooms by teachers.

No we have not reviewed the apps.
we are planning on reviewing them.
we have are reviewing them.
we always reveiw class apps before they are used.



We use due diligence with suppliers and have data processing agreements in place

No we have no processing agreements
We are comming up with processing agreements
We have some processing agreements with some suppliers
We always have data proccessing agreements with suppliers




Your institution ensures an adequate level of protection for any personal data processed by others on your behalf that is transferred outside the country

No we dont
We have minimum level of protection
we have high level of protection
We ensure all the data is protected




We understand when we would need to conduct a data protection impact assessment (DPIA)

We do not know what DPIA is
We have never conducted DPIA
We are learning about DPIA
We know when to conduct DPIA




Your institution monitors your own compliance with data protection policies and regularly reviews the effectiveness of data handling and security controls.

No we dont
we are learning about it
We did it once a long time ago
Yes we do




We only collect data we need to process

We collect alot of data some we dont need
most of the data collected is unnecessary
some of the data collected is unnecessary
we only collect necessary data




It is clear why we are processing the data in our privacy policy and privacy notices

It is not
Some of it is clear
Most of it is clear
All of it is clear




We only keep data that we have a documented reason to keep

We keep all data collected
We get rid of some of the data not used
We get rid of most of the data not used
We get rid of all data that we don't use




We have updated our privacy notices for each group of data subjects

We have never
We did it a long time ago
We have done it for some groups
We have done it for all group




The personal data we hold is accurate and, where necessary, kept up to date; taking every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay

Not sure about accuracy of the data
The data was accurate when collected but never updated
The data was accurate when collected but updated take time.
The data is always upto date and rectified without delay.




We have implemented school-wide data and cyber security measures

No we have not implemented them
We are planning on implementing them
we are on the process of iplementing them
we have implemented them




We have updated our consent procedures

We have never updated them
We are planning on updating them
We are updating them
We have them updated




Your institution has provided privacy information to individuals.

No we dont have a privacy policy
We are planning on comming up with a privacy policy
we are comming up with a privacy policy
We have a privacy policy in place




If Your institution offers online services directly to children, you communicate privacy information in a way that a child will understand.

No we dont have any online service
We dont communicate our privacy policies to the children
We communicate about our policies to children but not clearly
We comunicate clearly to children about our privacy information.




Your institution has a process to recognise and respond to individuals' requests to access their personal data.

no we don't
We are planning on Working on it
We are working on it
It is in place.




Your institution has processes to ensure that the personal data you hold remains accurate and up to date.

no we dont
We have plans to ensure this is accomplished
We are implementing this
Yes we ensure that the data is accurate




Your institution has a process to securely dispose of personal data that is no longer required or where an individual has asked you to erase it.

No we never get rid of data
We are planning to start removing unwanted data
We get rid of some of the data
Yes we get rid of all unrequired data


NewsGrid

Scratch and Script is an EdTech company offering online labs and courses. We host a wide range of practical labs to a worldwide student body.

Email Newsletter

P.O Box 49874-00100, Nairobi, Kenya P: (+254) 727 361 217 Email:info@scratchandscript.com

Get a security test

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended.

Join Now

Copyright © 2023, All Rights Reserved