You are here:

Last reviewed on 25 November 2021
Ref: 34667
School types: All · School phases: All

Use our mythbuster to separate the fact from the fiction around the UK GDPR when it comes to visitor books, photo archives, consent and more.

Myth Fact You need to seek consent for all the personal data you process You probably won't need to seek consent that often. You need to have a ‘lawful basis’ (legal reason) for processing personal data, and consent is just 1 of 6 lawful bases you can use. Only use consent where none of the other bases apply, as the standard for getting consent is very high and individuals can say no or withdraw it at any time, which could cause you problems. Follow our process to decide if any of the other bases apply, before you consider seeking consent. The UK GDPR contains specific rules about how long you can retain records for The UK GDPR contains principles for good management of personal data, rather than specific rules on how you must do things. It doesn't set out record retention periods, or particular security measures that you need to put in place. It's up to you to decide this, based on what is appropriate

More from The Key


Bitesize training with a big impact

Our on-demand training has your whole board covered and lets them learn at a time and pace that suits them.

Help your new governors hit the ground running with our expertly-designed induction training, and our role-specific courses support your link governors develop key skills and confidence in their role.


New eLearning: DSL refresher training

Your DSL’s training should be refreshed at least once every 2 years. 

Designed in collaboration with safeguarding experts, our 2.5 hour online refresher training course reminds DSLs how to put their knowledge into practice, with in-depth, real-world scenarios.


The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.