Data Protection & GDPR for School Support Staff

Support staff process the most diverse personal information and will often have access to large datasets including highly confidential information relating not just to students but also colleagues, governors, alumni and supporters. Support staff need to know the data protection basics, how to recognise and handle a personal data breach, how to share personal data securely (and when to say “no” to a data sharing request), how to recognise when someone is exercising their legal rights in relation to their data such as a subject access request and how to handle data protection related complaints.
Current Status
Not Enrolled
Get Started
Data Protection & GDPR for School Support Staff

Course Description

Data Protection & GDPR for School Support Staff has been built by senior leaders from leading schools in conjunction with specialist data protection lawyers, and as such provides the perfect grounding for support staff to quickly understand when and how the new data protection rules are engaged specifically for them. Learning is far more efficient because the content is specifically relevant to you.

If you are part of the non-teaching staff within school then depending on your role, you are likely to have access to the most diverse datasets relating not just to students but also to other staff and those outside the school such as alumni and supporters. Just like teachers, you’ll face deadlines and targets which mean you’ve learned to work rapidly. In this context, accidents around handling personal data can and do happen, sometimes with serious consequences. This module will shine a light on the sort of tripwires you face and what to do if you see a data breach.

Not for you? We have dozens of different data protection modules catering for different job roles in school. Explore the Tenjin Course Directory.

What's Covered?

  • The key aspects of data protection law that school support staff need to know. E.g. how long should records containing personal data be retained? Can I publish a list of pupils with allergies in the canteen?
  • Identifies the tripwires which support staff contend with and how to avoid them. E.g. when am I expected to encrypt emails? Can I share parents contact details with other parents and if so what’s the safest way of doing this? Does the GDPR require me to “take down” lists of students with specific illnesses and disabilities from the wall? How often should we update parent and staff contact information?
  • Handling personal data securely including communications internally and externally. E.g. how do I send sensitive information via email? Can I release personal information over the telephone? How do I handle a request for personal information from the Police or Social Care?
  • Sharing pupil information with other staff in school and third parties outside school;
  • Working from personally owned devices (BYOD) and away from school;
  • Links to key school documentation including your Privacy Notice and Data Protection Policy;
  • Recognising and handling the exercise of individual legal rights such as the right of subject access, the right to object to certain types of processing and the right of erasure of personal data. What are the time limits and what do I need to know?
  • Handling data protection related complaints;
  • Recognising and reacting to a personal data breach;
Course length
35 mins
Data Protection and GDPR for School Support Staff
Module Code
All non-teaching staff at any level
Learners should ideally have successfully completed the Data Protection and GDPR in School - Foundation Level (DP01i), or equivalent before doing this module.
Related Modules
DP01i (Foundation Level)

This site uses cookies to enhance your user experience