May 25, 2019, marked the GDPR one-year anniversary. However, despite this milestone, there is still some confusion within schools over what exactly is expected of them with regard to data compliance – which is not all that surprising given the complexity of this area of law. Below are some of the common questions I come across and some quick advice.
If you want to share any personal data, no matter how much data or how important it is, you have to identify a “lawful basis” (a legal reason) to do it. The available lawful bases, in summary, are:
In the majority of cases, you can use the public task basis. If the data you are sharing is sensitive – known as “special category data” – you also need to decide on a “condition of processing”. Take particular care when establishing a lawful basis for sharing pupil and staff medical information and safeguarding information, as these are risky areas.
Register now, read forever
Thank you for visiting Headteacher Update and reading some of our content for professionals in primary education. Register now for free to get unlimited access to all content.
What's included:
-
Unlimited access to news, best practice articles and podcasts
-
New content and e-bulletins delivered straight to your inbox every Monday
Already have an account? Sign in here