GDPR in Schools

How to: Conduct a data audit

Conducting a data audit is the first step to understanding your data landscape, ensure compliance with regulations like GDPR, and identifying risks related to data protection. Many schools and MATs use external auditors however if you prefer to do...

Virtual School Heads: sharing vulnerable children's data

Balancing privacy and protection. Sharing student data is an essential responsibility for schools, especially for vulnerable children who face challenges requiring additional support. Whether it’s for safeguarding, accessing services, or maintaining...

Should AI note-takers be used in schools?

Understanding the risks and compliance considerations. AI is revolutionising the workplace by enhancing operations and boosting efficiency. A notable trend is the adoption of AI-driven note-taking tools like Otter.ai and Microsoft Copilot, which...

How to: consider harms resulting from data processing

Risks result from adverse effects of data processing and data breaches. What adverse effects do we need to consider? In doing Data Protection Impact Assessments (DPIAs), we are considering risks that result from possible harms to data subjects....

How to: effectively respond to FOIs

Responding to Freedom of Information (FOI) requests correctly and within mandated timescales is an important part of complying with the principles of transparency and accountability under the GDPR and the Freedom of Information Act 2000. We have put...

Awareness Training: Essential for Cybersecurity

Did you know, in 2023, 76% of UK ransomware victims were in the education sector? Schools are prime targets for cybercriminals, with phishing attacks leading the way. In fact, over 94% of educational organisations reported being targeted by phishing...

Data Protection: Which lawful basis?

Under UK GDPR, and as Controller, you must have a lawful basis for processing personal data (and remember that anything you do with personal data – including storing it or deleting it – counts as processing). UK GDPR won’t make processing lawful...

Loading

End of content

No more pages to load