GDPR checklist for schools

Download our free checklist to assess your school’s GDPR compliance

Compliance with the GDPR (General Data Protection Regulation) is only ever temporary, and should be viewed as an ongoing project. As school processes develop, new staff arrive and new systems are implemented, it’s essential that you regularly review your compliance and make any necessary adjustments.

In a survey by EdTech giant RM Learning and Trend Micro, more than half of UK schools and colleges admitted to not being fully compliant with the Regulation. Of these, 14% also admitted to not having a clear plan to become compliant. Steps schools had taken included updating policies, training staff, appointing a DPO (data protection officer) and carrying out a data audit, but 46% cited a lack of security awareness as one of the biggest compliance challenges. This lack of awareness is reflected in the number of cyber security incidents reported by the sector to the ICO (Information Commissioner’s Office).

Our GDPR Checklist for Schools helps you track your progress towards compliance. It addresses common cyber security concerns and includes vital steps that schools should take.

The checklist comprises the following vital steps:

Understanding responsibilities under the GDPR
Review how well different groups of staff understand their responsibilities and when they have received GDPR training.

Implement organisational measures that demonstrate compliance
What steps have you taken to better understand your school’s processing and the risks it poses to individuals?

Update key policies and procedures
Review which policies have been updated and whether staff understand the processes they need to follow.

Improve data and cyber security
What steps has your school taken to improve data and cyber security? Is your IT support team adequately trained and resourced?

Only use processors that demonstrate compliance
What have you done to ensure the processors you use are GDPR-compliant?

Be open and transparent with data subjects
How are you helping individuals to understand how you process their data?

Appoint a data protection officer
Have you appointed a DPO and do people know how to contact them?

Improve your school’s compliance with GDPR.co.uk
The GDPR.co.uk platform includes a data breach recording function that can report breaches directly to the ICO, DSAR (data subject access request) recording, staff GDPR training, and data and supplier mapping – all the elements required to demonstrate GDPR compliance.

We offer a 10% discount on all our products and services to ASCL member schools.

Click the image below to request your free copy of the GDPR Checklist for Schools.
