You are here:
UK GDPR compliance for visiting staff
You need to make sure all visiting staff who can access personal data held by your school comply with the UK GDPR. Use the following guidance to help you determine their employment status and satisfy yourself that they’re compliant.
Speak to the visiting staff member to determine their status
You need to make sure they understand their obligations under the UK GDPR. This is because visiting staff such as counsellors, educational psychologists or peripatetic teachers may have access to personal data through the work they do in your school.
You're the data controller, so you make the decision on how data is processed by the visiting staff member. This is true even if you determine that they're self-employed and have their own UK GDPR processes in place.
Speak to the staff member concerned to confirm what their employment status is. Use the following questions to help you do this:
Are they classed as self-employed?
As part of your due diligence process, you should ask the visiting staff member to provide you with evidence that they are compliant with the UK GDPR, for example, by giving you their own privacy notice.
As the data controller, you'll then need to decide if this is acceptable or if you want to issue your own for the staff member to agree to and work under.
Are they a temporary member of staff (is there some form of contract in place between them and your school)?
If the staff member is contracted to your school then they should fall under your school’s remit. You should make sure they process personal data according to your rules.
Are they unsure of their status?
If the staff member is unsure of their employment status with the school, they may fall under your school’s remit. To be on the safe side, you should make sure they process personal data according to your rules.
This was explained to us by the Information Commissioner's Office (ICO).
Document your compliance
Once you’re satisfied with the due diligence you’ve completed for the staff member, show your compliance by documenting it.
Your file for a self-employed individual could include a record saying, for example, that:
- They’ve provided you with their privacy notice
- You’re confident that they understand their obligations under the UK GDPR
- 2021 exams: how to respond to subject access requests (SARs) New
- 'Cheat sheet' for data protection officers
- Child protection records: transfer guidance
- Data protection impact assessments
- Data protection impact assessments: role of the DPO
- DPO's report to governors: template
- Email security: sending personal data
- Freedom of information: responding to requests
- GDPR jargon buster
- GDPR mythbuster
- GDPR: personal data breach procedure
- GDPR: seeking consent for processing personal data
- Help your staff understand the GDPR: posters and handout
- How to respond to subject access requests in the summer holidays
- International data transfers under the UK GDPR
- Parents' right to access their child's educational record
- Poll results: how is the DPO role taking shape?
- Poll results: who are schools choosing as their data protection officer?
- Pupil records: transferring to other schools or providers
- Role of the data protection officer (DPO)
- Schools' reporting requirements
- 'Special category' data under the UK GDPR
- Subject access requests: guidance and template forms
- Taking and displaying pupil photos and information
- Taking documents home: securing personal data
- QuickRead: The UK GDPR
- The UK GDPR: summary
- UK GDPR: at what age can pupils give consent?
- UK GDPR audit
- UK GDPR: choose your ‘lawful basis’ for processing personal data
- UK GDPR: ensuring your suppliers are compliant
- UK GDPR: sharing safeguarding information
- UK GDPR: staff briefing New
- UK GDPR: template record of processing activities
- UK GDPR: using apps and online services with pupils
More from The Key
Bitesize training with a big impact
Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.
Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.
INSET, prepared for you
Join thousands of schools already using Safeguarding Training Centre to prepare for September.
Reduce your preparation time, deliver memorable safeguarding training to your staff, and keep track of all your safeguarding duties for the new school year.
- In the news: Your weekly round-up for 11 to 18 June 2021 18 Jun 2021 08:00 New
- Need-to-know: Academy Trust Handbook 2021 published 17 Jun 2021 09:33 New
- In the news: Your weekly round-up for 4 to 11 June 2021 11 Jun 2021 08:00 New
- In the news: Your weekly round-up for 28 May to 4 June 2021 4 Jun 2021 08:00 New
- In the news: Your weekly round-up for 21 to 28 May 2021 28 May 2021 08:00 New
The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.