Search results

Search tips

You may consider the following topics
  • The UK GDPR: summary Recommended - The UK General Data Protection Regulation (UK GDPR) determines how you must process and store personal data – understand what you have to do and the principles of data processing.
  • The UK GDPR: audit Recommended - Carry out a data protection audit, to make sure you comply with the statutory requirements under the UK GDPR and meet best practice. Check your records management and data processing practices, and evaluate the data protection training you deliver.
  • UK GDPR: seeking consent for processing personal data Use our guidance to help you decide whether you need to seek consent for processing personal data under the UK GDPR. If you do, download our template consent forms, or use our checklist to make sure your own forms meet the requirements.
  • UK GDPR: make sure your suppliers are compliant You must make sure that any third parties that process personal data for your school meet UK GDPR requirements. See the steps you'll need to take, and download our checklist for your provider contracts.
  • UK GDPR – the basics: staff briefing Give staff a 30-minute overview of the key principles and requirements of data protection law with our adaptable presentation, facilitator notes, quick quiz and staff handout. Get your staff up to speed on the UK GDPR and how to stay compliant in your school.
  • The UK GDPR: template record of processing activities Under the UK GDPR, you must record how you process the personal data you hold. Use our template and guidance to help you comply with this requirement now and on an ongoing basis in your school.
  • GDPR – seeking consent: staff briefing Give staff a 30-minute overview of the key principles and requirements of seeking consent with our adaptable presentation, facilitator notes, quick quiz and staff handout. Get your staff up to speed on seeking consent under the UK GDPR and how to stay compliant in your school.
  • Resource hub: DPO resource hub Use this resource hub for quick answers to your data protection questions, advice from experts, and downloadable resources to help you and your team to manage UK GDPR compliance.
  • 'Special category' data under the UK GDPR The UK GDPR classifies some data as 'special category', meaning it's sensitive and needs more protection. Find out what kind of data is defined this way in schools, and the conditions you can use to justify processing it.
  • Using CCTV cameras in school You can have CCTV cameras in your school under the UK GDPR, provided you have a lawful basis for doing so. Learn about how the UK GDPR might impact your school's CCTV processes, and find out what you should consider before installing CCTV.
  • UK GDPR: ‘lawful basis’ for processing personal data Under the UK GDPR, you must identify a lawful basis (or legal reason) you can use to justify the specific purpose for processing personal data. Use our guidance to work out which of the 6 lawful bases to use and avoid wasting time seeking consent you don't need.
  • UK GDPR: sharing safeguarding information Be confident in how you share safeguarding information under the UK GDPR. Know the principles to follow, your legal basis for sharing data and your responsibilities for information sharing.
  • Subject access requests: guidance and template forms Individuals have the right to request access to the information your school holds about them, under the UK GDPR. Use this guidance and our template forms to help you comply with subject access requests and know when you can refuse them.
  • Information asset register: template and guidance Use our template to create an information asset register (IAR) for your school. This will help you stay compliant with the UK GDPR by keeping track of all the data you're responsible for.
  • Retaining first aid, accident and medical records Learn what records you need to keep following incidents in school that need first aid, as well as how long to keep the records to make sure you're complying with UK GDPR and relevant legislation.
  • DPO's report to governors: template Use our template to make sure you're giving your governors all the information they need to know about data protection and your school's compliance with the UK GDPR.
  • Parents' right to access their child's educational record Understand your responsibilities to allow parents to access their child's educational record so you can stay compliant with education law and the UK GDPR.
  • Bring your own device (BYOD) policies Find examples of 'bring your own device' (BYOD) policies for pupils and staff that you can use as inspiration when writing your own. The UK GDPR doesn't stipulate what these must include.
  • Taking and displaying pupil photos and information There are no hard and fast rules under UK GDPR on displaying pupil photos or other information, but you must have a 'lawful basis' for using personal data, and seek consent where necessary. Use our practical examples to work out how to stay compliant in your specific circumstances.
  • Email security: sending personal data Any personal data you send by email must be kept secure. Use our tips to help keep personal data safe in emails to make sure you’re doing everything you can in line with the UK GDPR to avoid a data breach, including 'phishing' scams.