You are here:

GDPR resource hub

Last updated on 22 October 2018
Ref: 34178
School types: All · School phases: All
You must take steps to ensure that the way you handle data in your school is in line with the new rules under the General Data Protection Regulation (GDPR) and Data Protection Act 2018. Here are the resources you need to get compliant and stay compliant.

GDPR compliance tracking

Compliance Tracker is free with membership of The Key. Store evidence of the steps you’ve taken to become compliant, read a breakdown of everything the law requires you to do, and get email notifications to help you stay on top of your to-do list:

Start tracking    What is Compliance Tracker?

Are you DPO for your school or trust?

Join more than 1,000 members who are already part of The Key's DPO network. You'll be the first to know about new resources and get exclusive insights into what other DPOs are doing from our polls and case studies:

Yes, I'm the DPO    Invite your colleague to the network


Please note: we're currently updating our model data protection policy and privacy notices, and some of the other articles listed below, to reflect more recent guidance from the Information Commissioner's Office on provisions in the Data Protection Act 2018. Subscribe to updates for any articles you're interested in by clicking 'save for later' at the top of the relevant article page. 

Understanding the GDPR

  • Jargon buster
    The world of data protection is filled with jargon and technical terms, but our GDPR glossary makes it accessible for you.
  • Mythbuster
    Avoid the scaremongering - use our mythbuster to separate the fact from the fiction when it comes to visitor books, photo archives, fines, consent and more.

Seeking consent to process personal data

  • Managing consent under the GDPR
    Guidance and top tips to help you manage your consent procedures efficiently, and examples of how two schools collect and record consent.

Updating your staff

Is your board up to speed?

Governors and trustees can access the resources they need on The Key for School Governors.

Identifying your data

Identifying what data you hold and why

  • Information audit: template
    Use our downloadable audit template, which includes school-specific prompts, to help you identify what personal data you hold.   
  • How to choose which ‘lawful basis’ to use under the GDPR
    Use the process in this article to work out which of the 6 lawful bases to use to justify each of your data processing activities.
  • Special category data
    Some data is classed as 'special category', meaning it's sensitive and needs more protection. Find out what kind of data is defined this way, and the conditions for processing it.

Appointing your data protection officer


 Reviewing your processing procedures

  • Data protection model policy 
    Download our GDPR-compliant model data protection policy, approved by Forbes Solicitors, and adapt it to your school's setting.  

Practical advice on the nitty-gritty of the GDPR

For more answers, go to the data protection section of The Key.

More from The Key


2020/21 Safeguarding INSET pack.

Amidst your ongoing planning for school reintegration and recovery, you’re also likely thinking ahead to your September INSET day. Safeguarding Training Centre has the resources you need.


Evidence-led training courses that make it easy to upskill staff, anytime, anywhere.

CPD Toolkit is the most effective way to virtually deliver evidence-led training and support the professional development of your staff. Downloadable courses and online 5-minute summaries provide flexibility for training, whether staff are participating as skeleton staff in-school, via video call or individually at their own pace.

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.