Schools and other educational institutes are required to process vast amounts of personal data. They usually need information on pupils and parents, including safeguarding, contact information and in some cases financial details. It’s therefore essential that schools have appropriate data privacy...
The education sector was responsible for at least 172 data breaches in 2021, making it the second most vulnerable to security incidents. Only the public sector (263) suffered more publicly disclosed data breaches last year, according to data from our sister...
Schools share personal data with suppliers all the time, but because of the rules imposed by the GDPR (General Data Protection Regulation), they need to be careful about the way they use that information. The GDPR extends the scope of responsibility...
If your school is a maintained school or academy, then it is classed as a public authority and, under the GDPR, must appoint a DPO. This person is responsible for monitoring the application of the Regulation and advising and guiding the...
The data protection policy is the foundation of a school’s compliance with the UK GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018, and from which other policies, procedures and processes are based. It is an internal document that...
The GDPR (General Data Protection Regulation) outlines six lawful bases for processing personal data. In this blog, we look at one that’s causing a lot of problems for schools – processing that’s “necessary for the performance of a task carried out...
In this blog series, we outline which documents your school should have to support its GDPR compliance. In this blog, we outline the privacy notice....