Coronavirus: keeping self-isolation recordsDownload and share our template with your schools so they can collect records of who is self-isolating and who has tested positive for COVID-19. Plus, get clear on when you can share this information under data protection law, including when and what you can tell others about a possible or confirmed case in one of your schools.
Email security: sending personal dataAny personal data you send by email must be kept secure. Use our tips to help you keep personal data safe in emails to ensure you’re doing everything you can in line with the UK GDPR to avoid a data breach.
GDPR for commercial activitiesThe GDPR will affect your schools' commercial trading activities slightly differently to their core education services. If any of your schools run any activities for profit, for example a sports centre or evening adult learning classes, read on to see how the rules differ.
GDPR jargon busterThe world of data protection is filled with jargon and technical terms, but our GDPR glossary makes it accessible for you.
GDPR: managing your photo archivesFigure out what to do with your old photographs of pupils and staff with the GDPR in place. We look at whether previous consent will be enough and explain that you may not need to seek consent if archiving photos for certain purposes.
GDPR mythbusterAvoid the scaremongering around the GDPR and use our mythbuster to separate the fact from the fiction when it comes to visitor books, photo archives, fines, consent and more.
GDPR: seeking consent for processing personal dataUse our process to help you work out whether you need to seek consent for processing personal data under the GDPR. If you do, use our template consent forms for where you'll need to seek consent or use our checklist to ensure your own forms meet the new rules.
Processing data: at what age can pupils give consent?The UK General Data Protection Regulation (UK GDPR) does not define the age at which children can consent other than in the context of online services. Learn about guidance and good practice on seeking consent from pupils and the separate law on biometric data.
'Special category' data under the UK GDPRThe UK GDPR classifies some data as 'special category', meaning it's sensitive and needs more protection. Read on to find out what kind of data is defined this way, and the conditions you can use to justify why you need to process it.
Subject access requests: guidance and template formsIndividuals have the right to request access to the information you and your schools hold about them under the UK GDPR. Use this guidance and our template forms to help you comply with subject access requests and know when you can refuse them.
Taking and displaying pupil photos and informationThere are no hard and fast rules under the GDPR specifically on displaying pupil photos or other information, but you must have a 'lawful basis' for using personal data, and seek consent where necessary. Use the advice below to work out how best to manage this in your school.
Taking documents home: securing personal dataPersonal data accessed by staff at home must be kept secure. With more staff than ever working remotely, take these steps to keep documents containing personal data safe, to avoid a data breach and stay compliant with the GDPR.
The UK GDPR: summaryThe UK General Data Protection Regulation (UK GDPR) determines how you must process and store personal data - understand what you have to do and how the data laws have changed since Brexit.
UK GDPR: ensuring your suppliers are compliantYou must make sure that any third parties who process personal data on your behalf will do so in line with the UK GDPR’s requirements. See the steps you'll need to take, and download our checklist so you know what details you must include in your contracts with these providers.
Using personal devices: securing personal dataPersonal data accessed by staff on their own devices, such as through remote working or BYOD policies, must be kept secure. Take these steps to ensure the security of personal devices and keep data safe, to avoid a data breach and stay compliant with the GDPR.