Schools share personal data with suppliers all the time, but because of the rules imposed by the GDPR (General Data Protection Regulation), they need to be careful about the way they use that information. The GDPR extends the scope of responsibility...

If your school is a maintained school or academy, then it is classed as a public authority and, under the GDPR, must appoint a DPO. This person is responsible for monitoring the application of the Regulation and advising and guiding the...

The data protection policy is the foundation of a school’s compliance with the UK GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, and from which other policies, procedures and processes are based. It is an internal document that...

The GDPR (General Data Protection Regulation) outlines six lawful bases for processing personal data. In this blog, we look at one that’s causing a lot of problems for schools – processing that’s “necessary for the performance of a task carried out...

In this blog series, we outline which documents your school should have to support its GDPR compliance. In this blog, we outline the privacy notice....

Three easy ways schools can avoid the most common breaches reported by the education sector....

Why are schools being targeted by cyber criminals and what can you do to protect yourself?...

The education sector was responsible for 884 million leaked records across the globe in 2020, making it the third most affected by data breaches....

After years of negotiation, the UK finally left the EU on 1 January 2021, but many organisations are no closer to understanding the data protection ramifications of Brexit. Schools with close ties with the EU, may have to make major changes...

In this blog we outline when a DPIA is necessary for a school as well as the benefits of producing one...