You are here:
UK GDPR: using apps and online services with pupils
If you're using educational apps or other online services with pupils, such as assessment platforms or homework portals, make sure you stay compliant with data protection law. Work through these questions before setting up a new app or service to figure out your responsibilities, then check your next steps.
Contents
Would you be the data controller?
If pupils’ use of the service would require your school to process any personal data, you'd be the data controller.
This would apply if:
- You need to collect and share personal data with the service provider (e.g. you'd give them the names of the pupils who will be using the service); and/or
- You receive data back from the provider (e.g. you'd get scores from a test done on the service)
However, if your school wouldn't need to process personal data, you wouldn't be the data controller.
You're not processing data if:
My school is the controller You’re responsible for
- 2021 exams: how to respond to subject access requests (SARs)
- 'Cheat sheet' for data protection officers
- Child protection records: transfer guidance
- Data protection impact assessments
- Data protection impact assessments: role of the DPO
- DPO's report to governors: template
- Email security: sending personal data
- Freedom of information: responding to requests
- GDPR: using technology to deliver remote learning
- How to respond to subject access requests in the summer holidays
- International data transfers under the UK GDPR
- Parents' right to access their child's educational record
- Pupil records: transferring to other schools or education providers
- Role of the data protection officer (DPO)
- Schools' reporting requirements
- 'Special category' data under the UK GDPR
- Subject access requests: guidance and template forms
- Taking and displaying pupil photos and information
- Taking documents home: securing personal data
- QuickRead: The UK GDPR
- The UK GDPR: summary
- UK GDPR: at what age can pupils give consent?
- UK GDPR audit
- UK GDPR: choose your ‘lawful basis’ for processing personal data
- UK GDPR: ensuring your suppliers are compliant
- UK GDPR mythbuster
- UK GDPR: personal data breach procedure
- UK GDPR: seeking consent for processing personal data
- UK GDPR: sharing safeguarding information
- UK GDPR: staff briefing
- UK GDPR: staff posters and handout
- UK GDPR: template record of processing activities
More from The Key
Bitesize training with a big impact
Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.
Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.
New eLearning: DSL refresher training
Your DSL’s training should be refreshed at least once every 2 years.
Designed in collaboration with safeguarding experts, our 2.5 hour online refresher training course reminds DSLs how to put their knowledge into practice, with in-depth, real-world scenarios.
- Need-to-know: DfE publishes new statutory guidance on the cost of school uniform 19 Nov 2021 08:51
- Need-to-know: STPCD 2021 published 4 Oct 2021 10:30
- In the news: Your weekly round-up for 20 to 27 August 2021 27 Aug 2021 08:00
- In the news: Your weekly round-up for 6 to 13 August 2021 13 Aug 2021 08:00
- In the news: Your weekly round-up for 30 July to 6 August 2021 6 Aug 2021 08:00
The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.