Information governance advice for schools
All schools in Devon are individually responsible for ensuring that they comply with the requirements of the General Data Protection Regulation (GDPR) the Freedom of Information Act (FOIA) 2000.
If you are unclear about your obligations under either legislation or would like more specific support with a particular Information Governance issue or request, please contact the Information Commissioner’s Office on 0303 123 1113.
Devon County Council is not legally obliged to provide support to schools or academies to assist them with enquiries under information disclosure legislation. However, to assist schools the council has compiled the following guidance.
General Data Protection Regulations
General information on the new regulations is available from:
- Devon County Council
- Information Commissioners Office
- General Data Protection Regulations – printable guide
More specific help is available via the information on the links below:
Devon County Council has also produced a Photography and filming in schools Code of Practice.
The Council has also produced a series of template policies to help schools meet their obligations under the GDPR. These policies are available for schools to download and adapt below:
- Data Protection Policy
- Data Subject Rights Procedure
- Information Assurance Policy
- Privacy Impact Assessment Procedure
- Security Incident Management Policy
- Security Incident Management Procedure
Under the GDPR schools have a responsibility to ensure that data protection controls are built in to all contracts which involve the processing of personal data. To help support this obligation the County Council has produced a template GDPR data processor agreement which can be used whenever schools wish to contract with an organisation they want to process personal data on their behalf. These standard terms are available from the link below:
Freedom of Information Act 2000
|Obligation||Published guidance||More information|
|Apply exemptions appropriately||Read the ICO’s guidance on Refusing a request||Contact the Information Commissioner’s Office on 0303 123 1113|
|Maintain a publication scheme||Read the ICO’s guidance on Publication schemes||Contact the Information Commissioner’s Office on 0303 123 1113|
|Refusing a request appropriately||Read the ICO’s guidance on Refusing a request||Contact the Information Commissioner’s Office on 0303 123 1113|
|Respond to requests within 20 working days||Read the ICO’s guidance on Handling a request||Contact the Information Commissioner’s Office on 0303 123 1113|