You have been introduced to the basic principles of GDPR and you now understand that this has implications for schools. In this unit, you will learn more about how GDPR will work in practice in your school.
Here’s a recap of what you learned in Unit 1:
- Data protection is embedded in law through the Data Protection Act 1998 (DPA).
- It is overseen by the Information Commissioner’s Office (ICO).
- Personal data is any information relating to an identified or identifiable person.
- Schools collect personal data about pupils, parents and staff.
- The DPA has eight principles; the GDPR has six principles.
- GDPR legislation will be in all EU countries and non-EU countries if they process data about EU citizens.
- GDPR will remain in force post-Brexit.
- There are bigger penalties under GDPR for non-compliance.
- GDPR focuses on individual protection, accountability and compliance.
- Schools will be required to appoint a data protection officer.
Aims and outcomes
- Explore the definition of personal data in your school.
- Think about ways to embed a culture of data protection ownership among all staff.
- Consider school policies that are affected by GDPR.
- Learn about the legal basis for processing personal data.
- Explore the eight rights for individuals provided by GDPR.
- Understand data protection impact assessments.
Step 1: Personal data in schools
Step 2: School culture and ethos
Step 3: Legal basis for processing personal data
Step 4: The GDPR and individual rights
Step 5: Data protection impact assessments
Step 6: Summary and reflection
End of Unit 2 quiz