The policies and processes schools and multi-academy trusts need to protect personal data and respond effectively to a personal data breach.
This toolkit will help school staff, governors and trustees:
- understand how to comply with data protection law
- develop their data policies and processes
- know what staff and pupil data to keep
- follow good practices for preventing personal data breaches
This advice is intended for maintained schools and academies. Independent schools are welcome to use it where appropriate.
- Data protection legislation, and who and what it’s intended to protect.
- The lawful grounds for accessing, collecting, storing and using personal, special category and criminal offence data.
- Who is responsible for making sure data is processed securely in a school.
- How data protection officers can help make sure schools are compliant with data protection laws.
- How to comply and document compliance with UK GDPR and the Data Protection Act 2018.
- Who you can share personal data with and what consent you need to get – for example, when publishing exam results and taking photos in school.
- How to recognise and handle information rights requests relating to personal data in your school, including subject access requests.
- Explains how to carry out an audit to check what personal data your school holds. You can use a data retention schedule to document how long you'll keep different types of data for.
- Good practice for preventing personal data breaches in your school. It explains how to recognise and respond effectively to a personal data breach.