
GDPR training for schools & school staff

 

The General Data Protection Regulation (GDPR) came into force on 25th May 2018, and post-Brexit the UK implemented its own version, the UK-GDPR, alongside the Data Protection Act 2018.

 

It is essential for all school staff to understand their responsibilities when handling personal data. This course provides clear, practical, factual guidance, ensuring staff know what they should be doing to keep data safe and compliant.

 

Schools handle a wide range of personal data daily—from pupil and staff information to financial and medical records. Non-compliance with GDPR can lead to legal issues, reputational risk, and potential fines.

 

This course equips staff with the knowledge and practical steps required to protect personal data, comply with regulations, and implement best practices in data management. Part 1 is suitable for all staff, while Part 2 is aimed at those responsible for data protection.

 

Session 1 – Introduction to GDPR & Personal Data

  • Overview of GDPR and UK-GDPR

  • GDPR requirements for schools

  • Privacy by design principles

 

Session 2 – Lawful Basis for Processing Data

  • Understanding lawful bases for holding personal data in schools

  • Consent considerations

 

Session 3 – Basic Security

  • Practical steps to keep personal data secure

  • Data handling best practices

 

Session 4 – Data Breaches & Subject Access Requests (SARs)

  • What to do in the event of a breach

  • Managing and responding to SARs

 

Session 5 – Special Considerations for Schools

  • Pupil data, staff data, and sensitive categories

  • Managing educational and safeguarding information

 

Session 6 – Privacy Notices (Part 2)

  • How to write and communicate privacy notices effectively

 

Session 7 – Data Retention

  • Policies and procedures for retaining and deleting data appropriately

 

Session 8 – The Role of the Data Protection Officer (DPO)

  • Do you need a DPO?

  • Responsibilities and best practices

 

Session 9 – Rights of Data Subjects

  • Overview of subject rights under GDPR

  • How to respond to requests and maintain compliance

 

Session 10 – Steps for Compliance

  • Practical guidance for ensuring ongoing compliance

  • Internal procedures, monitoring, and continuous improvement


Outcomes - By the end of the course, participants will:

  • understand the principles and requirements of UK-GDPR and the Data Protection Act 2018

  • know how to handle personal data securely and lawfully

  • be able to respond appropriately to data breaches and subject access requests

  • understand the responsibilities of the DPO and the school leadership team

  • implement practical steps to maintain GDPR compliance across the school

  • gain confidence in protecting sensitive information and reducing risk

“I thoroughly enjoyed the course and thought that it was very well presented and delivered.” DW, Spalding High School, Lincs


ADDRESS

Istek UK Ltd

3 St Ursula's Close

Salisbury

Wiltshire SP1 3FY

Tel - 01722 413255

E - info@istekuk.com
