Free resources

Slide Helping schools achieve compliance Working with almost 3,000 schools Provides evidence-based accountability Whole-school approach to Data Protection Simple, intuitive user interface GDPRiS Book Demo

Free GDPR resources

We’re here to help

Our free resources are designed to help schools understand the changes to the data protection law under the GDPR and the new Data Protection Act 2018. We continuously add new resources, so please revisit this page regularly.

Click on the tabs below to access our FREE printable guides and essential information.

What is an audit?

The term ‘audit’ can mean many things within the Data Protection world. However, in simple terms you and your DPO carry out an audit to double check the personal data you process and use, and ask other organisations to manage for you, is kept safe to ensure you protect the rights of the individuals you serve. It can be likened to a MOT on your car – you keep it running well at all times, but once a year an independent body checks its OK. Use the guides below to help you carry out an audit.

What you need from your suppliers

You must first establish whether your supplier is a data processor for you or if you have a B2B relationship.

Here are some documents to help:

ICO visits to schools and early years settings

Advisory visit v Audit visit

The number of Advisory visits to schools continues to grow and it can be seen that Audit visits have started and are being carried out within MATs.
So what is the difference between an Advisory visit and an Audit visit?

Will we suddenly get notification of an ICO Advisory or Audit visit as happens with OFSTED?
Not at all!
Unless you have done something very serious indeed, ICO will not visit unless they are invited.

They offer freely to come to an organisation to carryout either an Advisory visit or an Audit. An Advisory visit is something to be encouraged; an audit would be even better but it is doubtful ICO will have sufficient resources to carry out audits in many schools.
You can find out more information and how to book an Advisory visit or Audit here.

Advisory visits involve a one day, informal visit from the ICO to look at how your organisation works, what kind of personal information you hold and what you do with it. You will receive a report which is not published on the ICO website, however they will publish that an Advisory Visit has taken place.

Many schools have been in contact with the ICO and have been invited to receive a visit from an ICO team. A GDPRiS school in London received such a visit and has asked us to share their experience with other schools, if you would like to find out more please get in touch

Audit visits normally take place over 3 days and look at the way you handle personal data in a more detail than an Advisory visit. The same areas are covered but there is an in-depth review of each area. This will be published on the ICO website.

The ICO audit team recently updated their advice on audits which you should find very interesting.  It will help you focus on how you carryout your own internal audits.

You can find this updated advice HERE

Nurseries and Early Years settings – ICO produced an Overview Report of data security in nurseries. The report of the findings HERE is well worth a read for leadership teams in this sector.

Data Breaches – be ready

A data breach is when confidential, private, or sensitive information escapes out of its secured environment. Data breaches can occur accidentally, or as the result of a deliberate attack.

Every year millions of people are affected by data breaches and schools and early years settings are no exception. Whilst every responsible organisation does its best to keep data safe, when a breach does occur everyone must know what to do, when to do it and how to report it.

Here’s some really useful resources to help you prepare for data breaches

Information from the DfE

The DfE has plenty of useful support materials. The Data Protection ToolKit for schools will be regularly updated so it’s a good idea to visit every now and then.

Information from ICO

ICO (Information Commissioner’s Office) is the organisation which oversees that data protection laws are applied in all organisations including education. Their resources, although not always directly applicable to schools and early years settings, are an excellent source of information.

Data Protection Awareness Posters

It’s not rocket science! Download and display our free poster throughout your premises to remind all staff that everyone has a responsibility to protect personal data and help you demonstrate your commitment to data protection to all.

A4 full colour Data Protection Awareness Poster
A4 Ink-friendly Poster
Data Protection Awareness Poster
A4 full colour GDPR in the Office Poster

Access the full series of posters

We have produced a whole series of data protection posters that you can download and use free of charge when you sign up.

Sign up

How is your school doing?

Free training videos

Staff training video

Legal basis for processing

12 steps to compliance

Mind Map videos

Build a data eco-system

Data protection

Keep parents informed

Mind Map printables

Mind Map: Build your data eco-system

A useful handout to accompany our Mind Map video – print this out to help to remind staff of your commitment to ensure personal data is kept safe and secure.


Mind Map: School data protection

A useful handout to accompany our Mind Map video – print this out to help to remind staff of your commitment to ensure personal data is kept safe and secure.


Mind Map: Keep parents informed

A useful handout to accompany our Mind Map video – print this out to help to remind staff of your commitment to ensure personal data is kept safe and secure.