
Key tasks to ensure compliance with the Data Protection Act 2018, the Freedom of Information Act 2000 and the General Data Protection Regulation (GDPR).

Key tasks to ensure compliance with GDPR

Schools are required to complete a series of key tasks in order to ensure compliance with the GDPR. If your school has not yet completed these tasks you must do so soon and, in the interim, you must ensure you are able to demonstrate an awareness of the new requirements and have a plan in place for achieving full compliance.

The key tasks to complete are as follows:

  1. Appoint a Data Protection Officer (DPO).
  2. Complete an Information Asset Register and information audit, including a record of your reasons for processing each data type and how long you need to retain each data type. A GDPR information audit spreadsheet template is available to use.
  3. Review and update your Privacy Notice.
  4. Review and update arrangements with third-party Data Processors.
  5. Review and develop internal Data Protection Procedures and Policies.
  6. Ensure the staff and volunteers at your school receive GDPR awareness training.
  7. Review your Subject Access Request (SAR) Procedures.
  8. Review your Data Breach Procedures.
  9. Ensure you operationalise your policies and procedures and continuously review and improve them.

You can find out further information about any of these aspects of GDPR compliance by visiting the links on this page, or visiting our Training, Tools, Templates and other useful information page.

Contact us

If you have a query about GDPR, you can call us on 01629 532888 and we will endeavour to answer it or put you through to someone who can. You can also contact us by email:
