GDPR is the buzzword of the month.  Your inbox has no doubt been inundated with GDPR- related emails and privacy policy updates. You’ve suddenly found yourself very popular now that everyone wants to keep hold of your valuable information and is begging you not to leave. But you’ve found that your newfound power is beginning to wear off as you find googling has become a constant consent form, (for goodness sake, yes you can have my cookies!).

But what do the new data protection regulations mean for schools and what do you need to know as a teacher?

Schools handle a large amount of personal data on both staff and pupils, from images and medical info to job applications and trade union memberships, to name a few. Schools will be expected to appoint a member of senior leadership responsible for data protection and provide GDPR compliance training for all staff. Much of the work on GDPR compliance in schools will be handled at leadership level but will affect the day-to-day working routines of teachers. Here’s what you need to know.

A laptop on a white desk next to a pot plant.

What do I need to do?

 GDPR mainly affects the way you handle data and carry out administrative tasks. You will need to adopt a number of basic security practices to make sure you’re handling sensitive information correctly:

  1. PC security. Make sure your anti-virus software is always up-to-date. Make sure any personal information you keep on your computer or devices is encrypted, so that it is not easily accessible if stolen. It’s also a good idea to keep personal and work-related info separate.
  2. Email security. Always use your school email account for any work-related communication. Consider password-protecting sensitive documents you send by via email and never open attachments from unsolicited emails.
  3. Be careful when working from home. Teaching often requires completing work, like marking, at home. You should always consider the risks of taking hard-copy documents home as well as saving documents on computers you share with others at home. Also, be wary of becoming reliant on USB sticks, they can so easily get lost and end up in the wrong hands. When you do use a USB, make sure it is encrypted or password-protected.
  4. Get in to good habits. Learn to always log out of your computer when you leave the room, whether working at school or at home- you never know who is around to access your desktop.
  5. Adopt best practice when using new classroom apps or IT tools. One of the joys of teaching is the ability to experiment in the classroom, including trying out new tools for engaging your students in class. That’s still fine, but make sure you inform your school’s designated Data Protection lead and follow your school’s procedures when it comes to formal regulation of classroom apps and subject-specific software. This involves understanding what sorts of personal data may be involved and any potential data risks.
  6. Report risks. This is really important. If you suspect a security risk or a personal data breach has taken place, then it is your duty to report it to your school’s designated data protection officer.

A pile of large folders balanced on top of each other.

What are my rights?

GDPR gives you more protection as an employee with greater control over how your personal data is processed by current and previous employers. You have the right to access and request erasure of your data, such as your CV held by previous employers. This is of greater significance if you work as a supply teacher under a recruitment agency.

What does GDPR mean for supply teachers?

GDPR has a significant impact on supply teachers and their relationship with the recruitment agencies they work under. Recruitment agencies hold a large amount of personal information on their clients and the new rules now bring up some big changes in terms of agency transparency and processing of personal data.

Agencies must now have your consent to:

  1. Store your personal data, including CV
  2. Contact you about vacancies or marketing
  3. Share your CV or data with companies or schools for roles

Agencies will also need to update your contract of service which should include:

  1. How your data is stored
  2. How long your data is stored for
  3. What purpose your data is being stored for
  4. Your right to access your data
  5. Your right to request removal of your data

This is by no means an exhaustive guide and is not a legal document. For more information or specific advice, consult your employer or check the DfE website.


Build your profile, be visible to schools looking for staff and find your next job at RealiseMe. Book supply work direct with schools, without an agency and join a supportive community of education professionals, completely free!

Find Out More | Sign Up Free!

Rate this blog