Any school (i.e. Non RM Integris schools) that would like to receive support from CBICT regarding GDPR (including many useful resources) can do so from here


GDPR Overview - a brief outline of the GDPR requirements from our briefing sessions.

GDPR FAQs (updated v.3 18/4/18) - responses to questions raised at the briefing sessions.


Data Governance Framework

Data Protection Governance Framework (for subscribers only) follow our framework to access advice and resources to undertake the necessary processes for compliance (i.e. a Subject Access Request template policy; Data Breach Policy template and more…).

Government/DfE Documents

  • DfE’s GDPR Schools Toolkit – a few Central Beds and Bedford Borough schools have contributed to this toolkit. It contains useful information and resources to help schools work towards compliance with the regulations.

National Cyber Security Centre - has produced some guidance and resources for schools:


Questions for governors and trustees to help schools’ understanding of their cyber security risks 

Audit Findings Report - NCSC & London Grid for Learning (LGFL) undertook a joint audit of cyber security in UK schools earlier in 2020

Latest news on GDPR from ICO

Findings from ICO advisory visits to nurseries (Feb 2018) – useful ‘Areas for Improvement’ section applicable to all schools

ICO’s Guidance on GDPR 

Specific links:

ICO Guidance for Educational Establishments  where you can find specific guidance currently under DPA on:


  • Data Protection for Education Webinar – recording and slides

  • Fundraising & Marketing

  • CCTV

  • Information Rights video for schools

  • Lesson plans

  • Subject Access requests

  • Biometrics

  • Publishing results

  • Taking photos

Local Blogs

Case Study - Photocopiers

Case Study - Sharing Data

GDPR LiteBites

LiteBite 20 - Subject Access Request Report - how to deal with extracting data for SARs 

LiteBite 21 - Deleting Records - how to permanently delete pupil or staff records

LiteBite 22 - Recording Parental Consent - using the new parental consent screen to store consent options

DfE Blogs on GDPR

Video GDPR Guidance for Schools

GDPR Readiness: Focus on Catering

Twelve steps to take now, or twelve steps to take later?

Talking with Staff on GDPR