You are here:

GDPR: using online services in school

Ref: 35317
new on 28 June 2018
School types: All · School phases: All
In-depth article
Use this step-by-step guide before using online services such as educational apps and social media to stay compliant with data protection law. Make sure you’re clear on the risks to pupils' personal data, take appropriate steps to mitigate them and know when you need to get consent.

Article tools


  1. 1 What the GDPR and DPA say
  2. 2 Steps to take before you use any online service with pupils
  3. 3 Identifying a lawful basis
  4. 4 Additional actions if the service is necessary for educational purposes
  5. 5 Additional actions if the service is not necessary for educational purposes

Article features

  • 4 external links

More from The Key

CPD Toolkit Fresh

CPD Toolkit makes it easy to run training in-house

Covering a wide range of topics, including differentiation, assessment, SEND and growth mindset, CPD Toolkit has been created by subject experts and tested by teachers to guarantee practical, engaging training that's also excellent value for money.

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.