Whether you are storing staff or pupil data, or answering requests for information on the data you hold, you must do it lawfully. Ensure data management and processing is compliant with data protection law with the resources below.
All schools are required to have a policy on data protection. Use our data protection model policy to tailor a document that meets the needs of your setting
Lawyers Ian Deakin and Dai Durbridge answer questions about legal aspects of the recruitment process, including information requests, data retention, contracts and references
A data protection impact assessment is a legal requirement undertaken when data processing may result in a high risk to individual rights. Caroline Collins explains what they involve and how to do one
All staff are responsible for complying with data protection law. Caroline Collins offers questions different staff members can ask their data protection officer to clarify their understanding
Under the GDPR you are required to explain your legal grounds when answering a SAR. Lisa Griffin describes what is involved in receiving a right to access request
Communicating how you will use personal data is most commonly done in a privacy notice. Lisa Griffin offers a checklist to help create your privacy notices and guidance on gaining consent
