You are here:

  • Coronavirus: keeping self-isolation records Download and share our template with your schools so they can collect records of who is self-isolating and who has tested positive for COVID-19. Plus, get clear on when you can share this information under data protection law, including when and what you can tell others about a possible or confirmed case in one of your schools.
  • Email security: sending personal data Any personal data you send by email must be kept secure. Use our tips to help you keep personal data safe in emails to ensure you’re doing everything you can in line with the UK GDPR to avoid a data breach.
  • GDPR for commercial activities The GDPR will affect your schools' commercial trading activities slightly differently to their core education services. If any of your schools run any activities for profit, for example a sports centre or evening adult learning classes, read on to see how the rules differ.
  • GDPR jargon buster The world of data protection is filled with jargon and technical terms, but our GDPR glossary makes it accessible for you.
  • GDPR mythbuster Avoid the scaremongering around the GDPR and use our mythbuster to separate the fact from the fiction when it comes to visitor books, photo archives, fines, consent and more.
  • Processing data: at what age can pupils give consent? The UK General Data Protection Regulation (UK GDPR) does not define the age at which children can consent other than in the context of online services. Learn about guidance and good practice on seeking consent from pupils and the separate law on biometric data.
  • 'Special category' data under the UK GDPR The UK GDPR classifies some data as 'special category', meaning it's sensitive and needs more protection. Read on to find out what kind of data is defined this way, and the conditions you can use to justify why you need to process it.
  • Subject access requests: guidance and template forms Individuals have the right to request access to the information you and your schools hold about them under the UK GDPR. Use this guidance and our template forms to help you comply with subject access requests and know when you can refuse them.
  • Taking and displaying pupil photos and information There are no hard and fast rules under the GDPR specifically on displaying pupil photos or other information, but you must have a 'lawful basis' for using personal data, and seek consent where necessary. Use the advice below to work out how best to manage this in your school.
  • Taking documents home: securing personal data Personal data accessed by staff at home must be kept secure. With more staff than ever working remotely, take these steps to keep documents containing personal data safe, to avoid a data breach and stay compliant with the GDPR.
  • The UK GDPR: summary The UK General Data Protection Regulation (UK GDPR) determines how you must process and store personal data - understand what you have to do and how the data laws have changed since Brexit.
  • UK GDPR: choose your ‘lawful basis’ for processing personal data Under the UK GDPR, you must identify a lawful basis (or legal reason) you can use to justify why you process personal data. Use our guidance to work out which of the 6 lawful bases to use and avoid wasting time seeking consent you don't need.
  • UK GDPR: ensuring your suppliers are compliant You must make sure that any third parties who process personal data on your behalf will do so in line with the UK GDPR’s requirements. See the steps you'll need to take, and download our checklist so you know what details you must include in your contracts with these providers.
  • UK GDPR: template record of processing activities Under the UK GDPR, you must record how you process the personal data you hold. Use our template and guidance to help you comply with this requirement now and on an ongoing basis in your MAT.
  • Using personal devices: securing personal data Personal data accessed by staff on their own devices, such as through remote working or BYOD policies, must be kept secure. Take these steps to ensure the security of personal devices and keep data safe, to avoid a data breach and stay compliant with the GDPR.