Whether you are storing staff or pupil data, or answering requests for information on the data you hold, you must do it lawfully. Ensure data management and processing is compliant with data protection law with the resources below.
The Freedom of Information Act allows anyone to request information without giving a reason. Download the template to explain how FOI requests are handled in your setting
All schools are required to have a policy on data protection. Use our data protection model policy to tailor a document that meets the needs of your setting
Good record keeping is essential to keep files secure, up to date and to protect pupils. Follow this best practice for keeping, storing and destroying safeguarding files
Lawyers Ian Deakin and Dai Durbridge answer questions about legal aspects of the recruitment process, including information requests, data retention, contracts and references
A data protection impact assessment is a legal requirement undertaken when data processing may result in a high risk to individual rights. Caroline Collins explains what they involve and how to do one
All staff are responsible for complying with data protection law. Caroline Collins offers questions different staff members can ask their data protection officer to clarify their understanding
Under the GDPR you are required to explain your legal grounds when answering a SAR. Lisa Griffin describes what is involved in receiving a right to access request
