Coronavirus: keeping health recordsDownload and share our template with your schools so they can collect records of who is self-isolating and who has tested positive for COVID-19. Plus, get clear on when you can share this information under data protection law, including when and what you can tell others about a possible or confirmed case in one of your schools.
Email security: sending personal dataAny personal data you send by email must be kept secure. Use our tips to help you keep personal data safe in emails to ensure you’re doing everything you can in line with the GDPR to avoid a data breach.
GDPR for commercial activitiesThe GDPR will affect your schools' commercial trading activities slightly differently to their core education services. If any of your schools run any activities for profit, for example a sports centre or evening adult learning classes, read on to see how the rules differ.
GDPR jargon busterThe world of data protection is filled with jargon and technical terms, but our GDPR glossary makes it accessible for you.
GDPR: managing your photo archivesFigure out what to do with your old photographs of pupils and staff with the GDPR in place. We look at whether previous consent will be enough and explain that you may not need to seek consent if archiving photos for certain purposes.
GDPR mythbusterAvoid the scaremongering around the GDPR and use our mythbuster to separate the fact from the fiction when it comes to visitor books, photo archives, fines, consent and more.
GDPR: seeking consent for processing personal dataUse our process to help you work out whether you need to seek consent for processing personal data under the GDPR. If you do, use our template consent forms for where you'll need to seek consent or use our checklist to ensure your own forms meet the new rules.
GDPR: template record of processing activitiesUnder the GDPR, you must record how you process the personal data you hold. Use our template and guidance to help you comply with this requirement now and on an ongoing basis in your MAT.
How to choose which ‘lawful basis’ to use under the GDPRUnder the GDPR, it’s crucial to identify the lawful basis (or legal reason) you can use to justify why you process personal data. Use the process below to work out which of the 6 lawful bases to use for each of your data processing activities, and avoid wasting time seeking consent that you don't need.
Processing data: at what age can pupils give consent?The General Data Protection Regulation (GDPR) does not define the age at which children can provide consent other than in the context of online services. Read the requirements around age thresholds for consent, and follow good practice advice on seeking consent from pupils.
'Special category' data under the GDPRThe GDPR classifies some data as 'special category', meaning it's sensitive and needs more protection. Read on to find out what kind of data is defined this way in schools, and the conditions you can use to justify why you need to process it.
Taking and displaying pupil photos and informationThere are no hard and fast rules under the GDPR specifically on displaying pupil photos or other information, but you must have a 'lawful basis' for using personal data, and seek consent where necessary. Use the advice below to work out how best to manage this in your school.
Taking documents home: securing personal dataPersonal data held in physical documents taken home by staff must be kept secure. Take these steps to ensure the security of these documents and keep data safe, to avoid a data breach and stay compliant with the GDPR.
The General Data Protection Regulation explainedThe General Data Protection Regulation (GDPR) came into force on 25 May 2018 and determines how you process personal data and keep it safe. This article will help you get to grips with the key points of the legislation.
Using personal devices: securing personal dataPersonal data accessed by staff on their own devices, such as through remote working or BYOD policies, must be kept secure. Take these steps to ensure the security of personal devices and keep data safe, to avoid a data breach and stay compliant with the GDPR.