UK GDPR: make sure your suppliers are compliant
You must make sure that any third parties that process personal data for your school meet UK GDPR requirements. See the steps you'll need to take, and download our checklist for your provider contracts.
Make sure your 'data processors' comply with data protection law
Data processors are third parties that process personal data on your behalf and under your instructions. They may include:
- Payroll providers
- School club providers
You must make sure your data processors comply with the UK General Data Protection Regulation (UK GDPR). See the section below for details on how to do this.
You don't need to do this for 'data controllers'
Data controllers are the main decision-makers, exercising overall control over how the personal data is processed. They may include:
- Awarding bodies
- Other schools or trusts
This information comes from the ICO. Take a look at its guidance if