Data Protection in Schools would like to place a cookie on your computer to help us make this website better. To find out more about cookies and how we use them, please see our Privacy Policy.
Home
Principles And Lawful Basis
Processed lawfully, fairly and transparently
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate, and where necessary, kept up to date
Processed in a manner that ensures appropriate security
Kept for no longer than is necessary
Accountability
Lawful Basis
Data Protection Guidelines
Data Protection and Schools
What is Data Protection?
Who is the data controller in schools/ETBs?
The Role of the Data Protection Commissioner
Do Schools/ETBs have to have a Data Protection Officer?
Data Protection Key Terms
Compliance Audit
Compliance Checklist
Compliance to Do List
Sensitive Personal Data
Collection and retention of Sensitive Personal Data
Sensitive Personal Data - Employees
Sensitive Personal Data – Students
Records Retention
Retention Records Schedule
Student Records Retention
What makes up a Student Record?
Student enrolment application forms
Student Attendance Records
Students transferring between schools
Transferring data in relation to students with special educational needs
Removal from the register
Child Protection Records
Employees Records
Employee Records Policy
Recruitment & Selection Process
Garda Vetting Outcomes/Disclosures
Payroll Records
Health & Safety Records
CCTV Records
School Tours information
Fundraising and Direct Marketing
Charitable Donations
Banking information (Direct Debit/Credit Card etc.)
Retention Periods for Credit/Debit Card Details
School Closure/Amalgamation
Boards of Management Minutes
Data Access Requests
Parental Access Requests
State Requests for information
Handling requests to rectify personal data
There is No Age of Consent for Access Requests
Requests for CCTV footage held
Data Subject Access Requests
Is a school/ETB obliged to seek proof of identity?
What should you do if a request is made under FOI?
Storage & Security
Data Security Guidance
Guidance on Laptops and other portable devices
Logs and Audit Trails
CCTV
Use of CCTV Systems in Schools
Covert Surveillance
What if a school is asked by a law enforcement authority for access to the recordings?
Guidelines on use of CCTV Footage
Taking & Using Images/Photos
What is considered good practice when schools/ETBs take photos of their students?
What is ‘informed consent’?
Images taken by pupils
Coursework Photos/Images
Other People Taking Photos of Children at School Events
Use of PPS numbers
Relevant Use of a PPS
Third Party Service Agreements
Legal Obligations
Content of the Service Agreement
Checklist
Schools & Direct Marketing
Consent
Contact in Case of Emergency
Information, Unsubscribing, & Penalties
School Websites
What should be in a Website Privacy Statement?
Cookies
Biometric Systems
Carrying out a Privacy Impact Assessment
Transferring Personal Data Abroad
What is an adequate level of data protection?
FAQs
GDPR
Resources
Acmhainní
Training
Past Events
Download List
Have we developed an internal data protection policy? See Data Protection Policy Template
Note to ETB schools: the school’s data protection policy shall be promulgated by the ETB and handed down to the school board of management to be ratified and adopted. In this way, all ETB schools in a ETB area will have consistent Data Protection Policies.
Where we have third parties processing personal data for us (e.g. CCTV monitoring companies, external HR/payroll companies, cloud computing, off-site archiving etc.), do we have written data processing agreements/service level agreements in place? See Content of Service Agreements
Does this data processing agreement/service level agreement incorporate our school/ETB Personal Data Security Breach Code of Practice?