This checklist will help you review which policies and procedures the school needs and what they should contain to protect the data in your care and support the school's GDPR compliance.
We run through what information should be included in all policies and then itemise what should be included in the following:
- Privacy notices;
- Acceptable use policies and processes;
- Password policies and processes;
- Email policies and processes;
- Access control policies and processes;
- The data protection policy;
- Data sharing processes;
- Incident reporting processes;
- Data subject access request policies and processes;
- The bring your own device policies and processes;
- The remote working policy;
- Supplier management;
- Staff training and awareness;
- Data collection forms or similar; and
- Data protection impact assessments (DPIAs).
This is a really useful resourse for all schools.