You are here:

  • Coronavirus: keeping health records Download and share our template with your schools so they can collect records of who is self-isolating and who has tested positive for COVID-19. Plus, get clear on when you can share this information under data protection law, including when and what you can tell others about a possible or confirmed case in one of your schools.
  • Email security: sending personal data Any personal data you send by email must be kept secure. Use our tips to help you keep personal data safe in emails to ensure you’re doing everything you can in line with the GDPR to avoid a data breach.
  • GDPR: ensuring your suppliers are compliant Download our checklist to make sure your contracts address GDPR compliance, and send our template letter to carry out the required due diligence on your suppliers.
  • GDPR for commercial activities The GDPR will affect your schools' commercial trading activities slightly differently to their core education services. If any of your schools run any activities for profit, for example a sports centre or evening adult learning classes, read on to see how the rules differ.
  • GDPR jargon buster The world of data protection is filled with jargon and technical terms, but our GDPR glossary makes it accessible for you.
  • GDPR: managing your photo archives Figure out what to do with your old photographs of pupils and staff with the GDPR in place. We look at whether previous consent will be enough and explain that you may not need to seek consent if archiving photos for certain purposes.
  • GDPR mythbuster Avoid the scaremongering around the GDPR and use our mythbuster to separate the fact from the fiction when it comes to visitor books, photo archives, fines, consent and more.
  • GDPR: seeking consent for processing personal data Use our process to help you work out whether you need to seek consent for processing personal data under the GDPR. If you do, use our template consent forms for where you'll need to seek consent or use our checklist to ensure your own forms meet the new rules.
  • GDPR: template record of processing activities Under the GDPR, you must record how you process the personal data you hold. Use our template and guidance to help you comply with this requirement now and on an ongoing basis in your MAT.
  • How to choose which ‘lawful basis’ to use under the GDPR Under the GDPR, it’s crucial to identify the lawful basis (or legal reason) you can use to justify why you process personal data. Use the process below to work out which of the 6 lawful bases to use for each of your data processing activities, and avoid wasting time seeking consent that you don't need.
  • How to comply with the General Data Protection Regulation Here's what you need to do to make sure your trust is compliant with the GDPR, in force since 25 May 2018.
  • Processing data: at what age can pupils give consent? The General Data Protection Regulation (GDPR) does not define the age at which children can provide consent other than in the context of online services. Read the requirements around age thresholds for consent, and follow good practice advice on seeking consent from pupils.
  • 'Special category' data under the GDPR The GDPR classifies some data as 'special category', meaning it's sensitive and needs more protection. Read on to find out what kind of data is defined this way in schools, and the conditions you can use to justify why you need to process it.
  • Subject access requests: guidance and template forms Individuals have the right to request access to the information you and your schools hold about them under the GDPR. Use this guidance and our template forms to help you comply with subject access requests.
  • Taking and displaying pupil photos and information There are no hard and fast rules under the GDPR specifically on displaying pupil photos or other information, but you must have a 'lawful basis' for using personal data, and seek consent where necessary. Use the advice below to work out how best to manage this in your school.
  • Taking documents home: securing personal data Personal data held in physical documents taken home by staff must be kept secure. Take these steps to ensure the security of these documents and keep data safe, to avoid a data breach and stay compliant with the GDPR.
  • The General Data Protection Regulation explained The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and determines how you process personal data and keep it safe. This article will help you get to grips with the key points of the legislation.
  • Using personal devices: securing personal data Personal data accessed by staff on their own devices, such as through remote working or BYOD policies, must be kept secure. Take these steps to ensure the security of personal devices and keep data safe, to avoid a data breach and stay compliant with the GDPR.