GDPR resource hub
This is your go-to hub for practical support with preparing for the General Data Protection Regulation (GDPR), so you're ready when it comes into force on 25 May 2018.
Understanding the GDPR
- The General Data Protection Regulation explained
This article will help you get to grips with the key points of the legislation.
- How to prepare for the General Data Protection Regulation
Here are the actions you need to take to get your school ready for these reforms.
- Jargon buster
The world of data protection is filled with jargon and technical terms, but our GDPR glossary makes it accessible for you.
Avoid the scaremongering - use our mythbuster to separate the fact from the fiction when it comes to visitor books, photo archives, fines, consent and more.
Updating your staff
- We summarise the GDPR in just one page, which you can download as a ready-made resource to share with colleagues.
- 10-minute briefing for staff
Available now on CPD Toolkit: ready-made training resources that you can use to update your team about the GDPR. (CPD Toolkit membership required).
Learn more about CPD Toolkit
Identifying what data you hold and why
- Information audit: template
Use our downloadable audit template, which includes school-specific prompts, to help you identify what personal data you hold.
- How to choose which ‘lawful basis’ to use under the GDPR
Use the process in this article to work out which of the 6 lawful bases to use to justify each of your data processing activities.
- Seeking consent for processing personal data
Use our checklist to help you meet the new rules around consent, and download our template form for seeking consent to take photographs of pupils.
Appointing your data protection officer
- The role of the data protection officer (DPO)
Under the GDPR, schools must appoint a data protection officer. Read about the duties of the role and download our template job description.
- Data protection officer: who can it be?
Read on for our experts’ recommendations on who to appoint, depending on your context.
- Poll results: who are schools choosing as their data protection officer?
We asked 1,000 of our school leader community how their schools are responding - let them help you to make a call on your DPO.
Reviewing your processing procedures
- Data protection policy and privacy notices: models
Download our GDPR-compliant model data protection policy and privacy notices, approved by Forbes Solicitors, and adapt them to your school's setting.
- Ensuring your suppliers are compliant with the GDPR
Use our checklist and template letter to carry out the required due diligence.
- Subject access requests: guidance and template form
Use this guidance and our template form to help you comply with subject access requests.
- Getting GDPR-compliant across your MAT
In a MAT, the trust is the legal entity responsible for data processing across its schools - use this advice to get your whole trust ready for the new regulations.
- Taking and displaying pupil photos and information
The GDPR makes little difference to how you can display information about pupils in school, but it's a good idea to reassess and make sure it's alright under the GDPR.
Personal data accessed by staff on their own devices, such as through remote working or BYOD policies, must be kept secure.These tips will help you do this.
- What your PTA needs to do to comply with the GDPR
Give our downloadable GDPR to-do list to your parent teacher association (PTA) to help it prepare for the regulations, and find out how to stay compliant when sharing personal data with your PTA.
More from The Key
Covering a wide range of topics, including differentiation, assessment, SEND and growth mindset, CPD Toolkit has been created by subject experts and tested by teachers to guarantee practical, engaging training that's also excellent value for money.
The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.