- Latest NewsUp-to-date articles giving you information on best practice and policy changes.
- Model PoliciesA comprehensive set of templates for each statutory school policy and document.
- Year PlannersPlan priorities across each term, ensuring key tasks are completed.
- Skill AuditsEvaluate your skills and knowledge, identify gaps and determine training needs.
In Unit 2, you looked at how GDPR looks in practice and you are now more aware of how GDPR sits in the school context. In this unit, you will look at how you implement GDPR and consider how you ensure that your legal basis, your subject access requests and your consents are all documented.
To recap, you have learned that:
- Personal data in schools relates to information about pupils, parents and staff.
- Sensitive personal data includes additional factors such as special educational needs, race, sexuality, religion and political beliefs.
- Staff must be aware of the need to keep data secure through the use of password protection and locked cupboards for paper files.
- Senior leadership teams must embrace GDPR to help embed it across the whole school.
- Data protection is the responsibility of every member of staff.
- A number of policies are impacted by data protection and these must be reviewed to reflect changes in GDPR.
- Whenever data is processed the school must identify, and document, the legal basis for it.
- There are six legal bases and the one that will be most commonly used is the public interest basis.
- GDPR is designed to provide greater protection to individuals and that there are eight individual rights.
- Privacy notices must be concise, intelligible, easily accessible and free of charge.
- Data protection impact assessments must be undertaken before starting a new project that involves data processing.
Aims and outcomes:
- Explore the benefits of a single compliance document.
- Understand the importance of undertaking an information audit.
- Gain a better understanding of privacy notices and when to use them.
- Learn how to deal with subject access requests.
Building upon the information and knowledge covered in the previous units, this unit is most suited to the SLT, governors and other staff with delegated responsibilities for GDPR implementation.
Unit 3: GDPR readiness
Step 1: Benefits of a single compliance document
Step 2: Questionnaire
Step 3: Retention schedule
Step 4: Information audit
Step 5: Staff training
Step 6: Privacy notices
Step 7: Subject access requirements
Step 8: Summary
End of Unit 3 quiz