
Key tasks to ensure compliance with the Data Protection Act 2018, the Freedom of Information Act 2000 and the General Data Protection Regulation (GDPR).

Key tasks to ensure compliance with GDPR

Schools are required to complete a series of key tasks in order to ensure compliance with the GDPR. If your school has not yet completed these tasks you must do so urgently and, in the interim, you must ensure you are able to demonstrate an awareness of the requirements and have a plan in place for achieving full compliance.

The key tasks to complete are as follows:

  1. Appoint a Data Protection Officer (DPO).
  2. Complete an Information Asset Register and information audit including a record of your reasons for processing each data type and how long you need to retain each data type.
  3. Review and update your Privacy Notices.
  4. Review and update arrangements with third-party Data Processors.
  5. Review and develop internal Data Protection Procedures and Policies.
  6. Ensure the staff and volunteers at your school receive GDPR awareness training.
  7. Review your Subject Access Request (SAR) Procedures.
  8. Review your Data Breach Procedures.
  9. Ensure you operationalise your policies and procedures and continuously review and improve them.

You can find out further information about any of these aspects of GDPR compliance by visiting the links on this page, or visiting our Training, Tools, Templates and other useful information page.

Contact us

If you have a query about GDPR you can contact the Education Data Hub on tel: 01629 532888, or email: GDPRforschools@derbyshire.gov.uk

The Education Data Hub also has its own website which contains full details of the services provided, including template policies, privacy notices, DPIAs and other useful documents.
