You must take steps to ensure that the way you handle data in your school is in line with the new rules under the General Data Protection Regulation (GDPR). Here are the resources you need to get compliant and stay compliant.
The GDPR will affect schools' commercial trading activities slightly differently to their core education services. If your school runs activities for profit, for example a sports centre or evening adult learning classes, read on to see how the rules differ.
Use this article to figure out how to handle the contact details of parents under the GDPR, and when you will need consent to contact parents. We look at scenarios including messages about emergency situations, marketing and fundraising, and sending out newsletters.
You need to ensure GDPR compliance for your visiting staff who have access to personal data held by your school. Use the following guidance to help you determine their employment status and satisfy yourself that they’re compliant.
Your contracts with third parties which process personal data on your behalf must cover new points to be GDPR-compliant. Download our checklist to make sure your contracts address the new rules, and send our template letter to carry out the required due diligence on your suppliers.
The GDPR classifies some data as 'special category', meaning it's sensitive and needs more protection. Read on to find out what kind of data is defined this way in schools, and the conditions you can use to justify why you need to process it.
Read this article for guidance on recording consent to process pupils’ personal data under the GDPR. You can also see examples of how two schools are managing consent, plus some top tips to help you manage your consent procedures efficiently.
Figure out what to do with your old photographs of pupils and staff now that the GDPR is in place. We look at whether previous consent will be enough and explain that you may not need to seek consent if archiving photos for certain purposes.
Use our process to help you work out whether you need to seek consent for processing personal data under the GDPR. If you do, use our template consent forms, which cover the most likely situations where you'll need to seek consent, or use our checklist to ensure your own forms meet the new rules.
As a MAT, you're the legal entity responsible for data processing across your schools, and so the responsibility for GDPR compliance sits with you. Here are the steps you now need to take to get your trust ready.
Under the GDPR, it’s crucial to identify the lawful basis (or legal reason) you can use to justify why you process personal data. Use the process below to work out which of the 6 lawful bases to use for each of your data processing activities, and avoid wasting time seeking consent that you don't need.
Use our downloadable audit template, which includes school-specific prompts, to help you identify the personal data you hold. Carrying out an information audit will help you to meet requirements under the GDPR.