Free GDPR resources
We’re here to help
Our free resources are designed to help schools understand the changes to the data protection law under the GDPR and the new Data Protection Act 2018. We continuously add new resources, so please revisit this page regularly.
Click on the tabs below to access our FREE printable guides and essential information.
What is an audit?
The term ‘audit’ can mean many things within the Data Protection world. However, in simple terms you and your DPO carry out an audit to double check the personal data you process and use, and ask other organisations to manage for you, is kept safe to ensure you protect the rights of the individuals you serve. It can be likened to a MOT on your car – you keep it running well at all times, but once a year an independent body checks its OK. Use the guides below to help you carry out an audit.
What you need from your suppliers
You must first establish whether your supplier is a data processor for you or if you have a B2B relationship.
Here are some documents to help:
ICO visits to schools and early years settings
Advisory visit v Audit visit
The number of Advisory visits to schools continues to grow and it can be seen that Audit visits have started and are being carried out within MATs.
So what is the difference between an Advisory visit and an Audit visit?
Will we suddenly get notification of an ICO Advisory or Audit visit as happens with OFSTED?
Not at all!
Unless you have done something very serious indeed, ICO will not visit unless they are invited.
They offer freely to come to an organisation to carryout either an Advisory visit or an Audit. An Advisory visit is something to be encouraged; an audit would be even better but it is doubtful ICO will have sufficient resources to carry out audits in many schools.
You can find out more information and how to book an Advisory visit or Audit here.
Advisory visits involve a one day, informal visit from the ICO to look at how your organisation works, what kind of personal information you hold and what you do with it. You will receive a report which is not published on the ICO website, however they will publish that an Advisory Visit has taken place.
Many schools have been in contact with the ICO and have been invited to receive a visit from an ICO team. A GDPRiS school in London received such a visit and has asked us to share their experience with other schools, if you would like to find out more please get in touch
Audit visits normally take place over 3 days and look at the way you handle personal data in a more detail than an Advisory visit. The same areas are covered but there is an in-depth review of each area. This will be published on the ICO website.
The ICO audit team recently updated their advice on audits which you should find very interesting. It will help you focus on how you carryout your own internal audits.
You can find this updated advice HERE
Nurseries and Early Years settings – ICO produced an Overview Report of data security in nurseries. The report of the findings HERE is well worth a read for leadership teams in this sector.
Data Breaches – be ready
A data breach is when confidential, private, or sensitive information escapes out of its secured environment. Data breaches can occur accidentally, or as the result of a deliberate attack.
Every year millions of people are affected by data breaches and schools and early years settings are no exception. Whilst every responsible organisation does its best to keep data safe, when a breach does occur everyone must know what to do, when to do it and how to report it.
Here’s some really useful resources to help you prepare for data breaches
Information from the DfE
The DfE has plenty of useful support materials. The Data Protection ToolKit for schools will be regularly updated so it’s a good idea to visit every now and then.
- Data Protection Toolkit for Schools
- General Information and advice
- Privacy Notice Model Documents
- Talking about GDPR with your staff
- Twelve steps to take now, or 12 steps to take then?
- GDPR: Focus on Catering
Information from ICO
ICO (Information Commissioner’s Office) is the organisation which oversees that data protection laws are applied in all organisations including education. Their resources, although not always directly applicable to schools and early years settings, are an excellent source of information.
Data Protection Awareness Posters
It’s not rocket science! Download and display our free poster throughout your premises to remind all staff that everyone has a responsibility to protect personal data and help you demonstrate your commitment to data protection to all.
Free training videos
Staff training video
Legal basis for processing
12 steps to compliance
Mind Map videos
Build a data eco-system
Keep parents informed
Mind Map printables
Mind Map: Build your data eco-system
A useful handout to accompany our Mind Map video – print this out to help to remind staff of your commitment to ensure personal data is kept safe and secure.