GDPR Compliance

The GDPR was enacted into UK law under the Data Protection Act 2018 (DPA). The DPA imposes legal obligations on schools and the ways they must manage and process personal data. It is essential that all schools in the UK, as well as a large percentage of British international schools, implement GDPR-compliant practices in their day-to-day operations. In addition to the powers of the Information Commissioner’s Office (ICO), Ofsted now includes data protection compliance within its inspection criteria, with a greater chance of reputational damage from bad data handling. ESP can offer your school a variety of support packages to protect you, your school and your governing body.

GDPR places responsibility on schools to adequately protect the personal data in their care. This is especially true of children’s personal data, with extra requirements for how special category data such as medical details and biometrics are handled. You are accountable and must demonstrate your compliance with the Regulation by appointing a Data Protection Officer (DPO). The DfE stress that the DPO must be "sufficiently removed from those making technology or processing decisions". The need for impartiality can make it difficult to appoint a current member of staff to the role, as there is likely to be a conflict with their other duties.

At ESP we offer a variety of GDPR and DPA support services to suit the needs of your school. These vary from GDPR compliance Health Checks, through advice and guidance for your school-based DPO, to fully commissioned external DPO provision. By engaging with ESP to support your school's GDPR compliance, you are engaging a team with extensive knowledge of schools and school leadership alongside the legislative requirements of GDPR and DPA.

To request more information on our GDPR and DPA support services, please email Mark Bignell on mark@espeducation.co.uk