Details of available tools and training and other useful resources.
Please note, if your school purchases the Data Protection Officer Service from GDPR in Schools/the Education Data Hub, the policies and templates you should use are all now available to download from your subscribers area within Services4Schools. The Education Data Hub also has its own website which contains full details of the services provided, including template policies, privacy notices, DPIAs and other useful documents.
The Education Data Hub is able to offer GDPR training sessions to support you and your teams. Topics will include:
- GDPR in-depth - from privacy and legal processing to supplier compliance issues and breach procedures
- GDPR awareness - an updated session for your new starters
Details of current and upcoming GDPR training sessions can be found on the Services4Schools training page.
Toolkits and resources for schools
For schools that do not subscribe to the Data Protection Officer service from the Education Data Hub, there is a variety of free resources that are available to assist you.
The ICO has comprehensive advice on compliance with Data Protection laws in their SME web hub area. This includes advice on Paying the ICO Registration Fee, Data Protection Self-Assessment, Responding to a Personal Data Breach, How to Respond to a Subject Access Request, Advice on Installing CCTV and Data Protection Impact Assessments (DPIAs).
The ICO has also produced guidance specifically for schools in relation to the Age Appropriate Design Code (the Children's Code) which contains important guidance on what due diligence schools should be conducting when using services accessed by children.
The Department for Education (DfE) published a Data Protection: Toolkit for schools guidance document. This guidance is aimed at helping schools develop policies and processes for data management, from collecting and handling data through to the ability to respond quickly and appropriately to data breaches.
The Information Records Management Society has also written a Toolkit for Schools. This contains lots of useful guidance on all aspects of Data Protection as well as a Model Retention Policy.
Data sharing and privacy notices
Advice and guidance on data sharing and privacy notices can be found on the Information Sharing page of this site. Guidance and templates for privacy notices can be found on the DfE website.
Use of walkie-talkies
It's possible for conversations to be heard by anyone in possession of a walkie-talkie or similar device.
It is therefore essential to avoid the personal identification of pupils and the transmission of any confidential or sensitive information.
Whilst we are unable to offer any specific expertise on walkie-talkies, we are aware that technology exists to transmit this information in a scrambled or encrypted manner, and you are advised to take this into consideration when making a decision to purchase any walkie-talkies.
Some walkie-talkie systems require a user licence and you should check whether a licence is required before purchasing a system.
Phishing, scams and fraud
Data security is an important part of compliance with GDPR, it is your responsibility to keep up to date with the latest security threats. Please see our information on fraud and scam alerts for updates.