GDPR resource hub

Last updated on 22 October 2018
Ref: 34178
School types: All · School phases: All
You must take steps to ensure that the way you handle data in your school is in line with the new rules under the General Data Protection Regulation (GDPR) and Data Protection Act 2018. Here are the resources you need to get compliant and stay compliant.

GDPR compliance tracking

Compliance Tracker is free with membership of The Key. Store evidence of the steps you’ve taken to become compliant, read a breakdown of everything the law requires you to do, and get email notifications to help you stay on top of your to-do list:

Start tracking    What is Compliance Tracker?

Are you DPO for your school or trust?

Join more than 1,000 members who are already part of The Key's DPO network. You'll be the first to know about new resources and get exclusive insights into what other DPOs are doing from our polls and case studies:

Yes, I'm the DPO    Invite your colleague to the network


Please note: we're currently updating our model data protection policy and privacy notices, and some of the other articles listed below, to reflect more recent guidance from the Information Commissioner's Office on provisions in the Data Protection Act 2018. Subscribe to updates for any articles you're interested in by clicking 'save for later' at the top of the relevant article page. 

Understanding the GDPR

  • Jargon buster
    The world of data protection is filled with jargon and technical terms, but our GDPR glossary makes it accessible for you.
  • Mythbuster
    Avoid the scaremongering - use our mythbuster to separate the fact from the fiction when it comes to visitor books, photo archives, fines, consent and more.

Seeking consent to process personal data

  • Managing consent under the GDPR
    Guidance and top tips to help you manage your consent procedures efficiently, and examples of how two schools collect and record consent.

Updating your staff

Is your board up to speed?

Governors and trustees can access the resources they need on The Key for School Governors.

Identifying your data

Identifying what data you hold and why

  • Information audit: template
    Use our downloadable audit template, which includes school-specific prompts, to help you identify what personal data you hold.   
  • How to choose which ‘lawful basis’ to use under the GDPR
    Use the process in this article to work out which of the 6 lawful bases to use to justify each of your data processing activities.
  • Special category data
    Some data is classed as 'special category', meaning it's sensitive and needs more protection. Find out what kind of data is defined this way, and the conditions for processing it.

Appointing your data protection officer


 Reviewing your processing procedures

  • Data protection model policy 
    Download our GDPR-compliant model data protection policy, approved by Forbes Solicitors, and adapt it to your school's setting.  

Practical advice on the nitty-gritty of the GDPR

For more answers, go to the data protection section of The Key.

More from The Key

Climbing ladder

Empower your governing board and drive school improvement together.

The Key for School Governors will give you total assurance that every member of your governing board is competent in their role, Ofsted-ready and working with you as one unified team.

Speaking presentation

CPD Toolkit makes it easy to run training in-house

Covering topics including differentiation, assessment, SEND and growth mindset, CPD Toolkit has been created by subject experts and tested by teachers to guarantee practical, engaging training that's also excellent value for money.

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.