You are here:
UK GDPR: ensuring your suppliers are compliant
You must make sure that any third parties that process personal data on your behalf will do so in line with the UK GDPR’s requirements. See the steps you'll need to take, and download our checklist to make sure you include the right details in your provider contracts.
Make sure your 'data processors' comply with data protection law
Data processors are third parties that process personal data on your behalf and under your instructions. They may include:
- Payroll providers
- School club providers
You must make sure your data processors comply with the UK General Data Protection Regulation (UK GDPR). See the section below for details on how to do this.
You don't need to do this for 'data controllers'
Data controllers are the main decision-makers, exercising overall control over how the personal data is processed. They may include:
- Awarding bodies
- Other schools or trusts
Even if you share data with a controller, you don't need to ensure their UK GDPR compliance in the same way as you do with processors. However, if you have concerns about their security measures, raise this with the controller or with the Information Commissioner's Office (ICO).
Get 'sufficient guarantees' that they follow
More from The Key
Bitesize training with a big impact
Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.
Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.
The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.