Whether you are storing staff or pupil data, or answering requests for information on the data you hold, you must do it lawfully. Ensure data management and processing is compliant with data protection law with the resources below.
Good record keeping is essential to keep files secure, up to date and to protect pupils. Follow this best practice for keeping, storing and destroying safeguarding files
Lawyers Ian Deakin and Dai Durbridge answer questions about legal aspects of the recruitment process, including information requests, data retention, contracts and references
A data protection impact assessment is a legal requirement undertaken when data processing may result in a high risk to individual rights. Caroline Collins explains what they involve and how to do one
All staff are responsible for complying with data protection law. Caroline Collins offers questions different staff members can ask their data protection officer to clarify their understanding
Under the GDPR you are required to explain your legal grounds when answering a SAR. Lisa Griffin describes what is involved in receiving a right to access request
Communicating how you will use personal data is most commonly done in a privacy notice. Lisa Griffin offers a checklist to help create your privacy notices and guidance on gaining consent
The GDPR requires you to maintain records of your data processing activities. Use this template and guide to map the personal data and information you hold, where it came from and who its shared with
Under the GDPR, many schools are required to have a DPO. Lisa Griffin provides guidance on the responsibilities of the role and who can and can’t undertake it
