You are here:

GDPR: using online services in school

Ref: 35317
Last updated on 28 June 2018
School types: All · School phases: All
In-depth article
Use this step-by-step guide before using online services such as educational apps and social media to stay compliant with data protection law. Make sure you’re clear on the risks to pupils' personal data, take appropriate steps to mitigate them and know when you need to get consent.

Article tools


  1. 1 What the GDPR and DPA say
  2. 2 Steps to take before you use any online service with pupils
  3. 3 Identifying a lawful basis
  4. 4 Additional actions if the service is necessary for educational purposes
  5. 5 Additional actions if the service is not necessary for educational purposes

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.