The General Data Protection Regulation (GDPR) is an EU-wide law designed to tighten security around data handling – and millions of UK organisations are affected. With compliance mandatory from 25 May 2018, schools, Trusts and LAs need to review and adjust their systems and processes to achieve GDPR compliance in time.

How will your school be affected?


GDPR marks a significant shift in regulation – with four key changes that will affect every school in the UK. As education data experts, we’re perfectly placed to help, with a complete solution that supports your school or Academy Trust all the way to compliance.



Data Protection Officer


All schools need someone to act as Data Protection Officer - taking on the responsibility for data handling and management. Regulations around data handling are very specific, so it is important that your Data Protection Officer resource is on top of the new requirements including the six legal justifications for keeping data. 

Third Party Suppliers


Your relationships with third party suppliers need careful monitoring. As the ‘data controller’, your school needs to ensure that all suppliers that handle data are fully compliant with GDPR, from catering services to software providers. This should be documented in a formal contract for every supplier, detailing how data is stored and processed.

Rights of Data Subjects


GDPR also specifies the rights of ‘data subjects’, who can now request to see all the data that schools are processing about them. Any data subject, from former pupils to parents, and staff to governors can request that their information is removed from school databases, and you will have to do so unless you are still inside the legally required retention periods.

Clear Audit Trail


Your school’s Data Protection Officer, and anyone else handling school data, must be able to produce a clear audit trail for all uses, with evidence of acting within the GDPR. The deadline is May 2018 - and you need to be ready in advance.



Find out more about GDPR compliance from Groupcall

What do you need to do now?



Appoint a Data Protection Officer (or part of a shared DPO resource).

Review and re-issue updated privacy notices in detail.

Establish a legal basis for all personal data you store.

Ensure processes are in place to detect, report and investigate data breaches.

Learn more

7 steps to GDPR compliance



We bring your strategic team together with a qualified GDPR practitioner so you can gain an understanding of GDPR and what it means for schools – from the requirements that the regulations will impose on you, to the steps you need to take.



We’ve partnered with Michelmores Solicitors to give you all the latest policy and privacy documents in line with GDPR. We’ll also provide practical advice and training so your staff know how the policies should work in practice.


Data Mapping

We’ll provide templates that enable your senior staff to map how you currently manage and process personal data, as well as self assessment checks. To make third party mapping even easier, GDPRiS now has over 1000 suppliers (and counting!) mapped in the GDPRiS management tool.



Our training sessions, on or off site, enable us to forge a long-term partnership with you so we can address the GDPR issues that you, or your schools are facing. We’ve already provided high quality GDPR training for thousands of UK school staff.



The GDPRiS management tool is an intuitive and cost-effective system that enables you to manage and comply with GDPR, all in one location. GDPRiS helps you to manage supplier relationships; data map your existing products, processes and services; schedule audits; report data breaches; store documents and manage staff with access to pupil data.


DPO Services

Many schools choose to appoint a Data Protection Officer from their existing team, or hire a dedicated DPO. If that’s not right for you, our partners can provide DPO services for your school or Trust.


Ongoing Compliance

Meeting the initial May 2018 deadline is just the start. A combination of the GDPRiS platform, expert training and on-going legal advice from Michelmores' JustAsk service (as required) will give you the most solid foundation for GDPR compliance, now and into the future.

Learn more

GDPRiS-web-logo-1 (1)-2.png



At Groupcall, we’ve partnered with the experts at GDPR in Schools (GDPRiS) who are leaders in the use of personal data in education, and how it is stored and shared.

The GDPRiS platform is an invaluable tool for schools, Data Protection Officers, local authority support teams and multi-academy trusts - a truly innovative cloud-based solution to help take the time, cost and stress out of GDPR compliance.


GDPRiS is the complete data protection compliance tool for schools, helping answer and manage the four key questions about personal data:

GDPR In Schools

Where is it?
GDPRiS tracks and records data flows between all of the places you store and process data. It records whether data is in school or with third party suppliers.

Why do we have it?
GDPRiS logs the reasons for using data, the legal basis for processing it and how the rights of the individual are protected.

How is it protected?
GDPRiS records the processes that you and your suppliers use to protect personal data. It helps guide all your staff to a new level of data protection understanding.

Can we prove it?
As well as enabling you to easily conduct internal audits and report on data breaches, GDPRiS brings all evidence you need together in one place.


Learn more

Find out more

Discover how Groupcall can help your school on the journey towards GDPR compliance.