Your favourite documents
Article 28 of the UK GDPR requires that a specific set of data processing clauses is included in any contract between the school or Trust and any supplier or IT application processing personal information on your behalf. To assist you, we have checked the contracts for many commonly used processors and provided an assurance rating. This information can be added to the data processor list in your Information Asset Register. Please note that this document will be updated regularly and is subject to change.
Last updated: 23 June 2022
Most schools participate in surveillance activities without realising it. For example, CCTV and e-monitoring are forms of surveillance. Use of biometrics such as fingerprints is a similarly high-risk area of processing that requires consideration of privacy implications and transparency requirements. This themed audit will help schools carrying out CCTV, e-monitoring and/or collection of biometric data to ensure that you have the appropriate documentation and records to carry out these activities in accordance with the law.
Last updated: 3 August 2022